AD-A197 406

LABORATORY FOR COMPUTER SCIENCE
MASSACHUSETTS INSTITUTE OF TECHNOLOGY

MIT/LCS/TM-364

ON THE CORRECTNESS OF ATOMIC MULTI-WRITER REGISTERS

Russel Schaffer

Edited by Bard Bloom

June 1988

545 TECHNOLOGY SQUARE, CAMBRIDGE, MASSACHUSETTS 02139

REPORT DOCUMENTATION PAGE

1a. Report security classification: Unclassified
3. Distribution/availability of report: Approved for public release; distribution is unlimited.
4. Performing organization report number: MIT/LCS/TM-364
5. Monitoring organization report numbers: N00014-85-K-0168, N00014-83-K-0125
6a. Name of performing organization: MIT Laboratory for Computer Science
6c. Address: 545 Technology Square, Cambridge, MA 02139
7a. Name of monitoring organization: Office of Naval Research/Department of Navy
7b. Address: Information Systems Program, Arlington, VA 22217
8a. Name of funding/sponsoring organization: DARPA/DOD
8c. Address: 1400 Wilson Blvd., Arlington, VA 22217
11. Title: On the Correctness of Atomic Multi-Writer Registers
12. Personal author(s): Schaffer, Russel
13a. Type of report: Technical
14. Date of report: 1988 June
15. Page count: 58
18. Subject terms: atomic registers; multi-writer registers; wait-free, I/O Automata
19. Abstract: Errors are corrected in a previously published multi-writer register algorithm.
    The correctness of the modified algorithm is proved, in detail, using I/O automata.
21. Abstract security classification: Unclassified
22a. Name of responsible individual: Judy Little, Publications Coordinator
22b. Telephone: (617) 253-5894


On the Correctness of Atomic Multi-Writer Registers

Russel Schaffer

Edited by Bard Bloom

June 7, 1988

Abstract. Errors are corrected in a previously published multi-writer register
algorithm. The correctness of the modified algorithm is proved, in detail, using
I/O automata.

Keywords: atomic registers, multi-writer registers, wait-free, I/O Automata

The work of Schaffer and Bloom was supported in part by the Office of Naval
Research under Contract N00014-85-K-0168, by the National Science Foundation
under Grant [number illegible], and by the Defense Advanced Research Projects
Agency under Contract N00014-83-K-0125.

Editor’s  Note 


This  is  Russel  Schaffer’s  Bachelor’s  Thesis,  written  under  the  direction  of  Nancy  Lynch 
at  MIT.  He  tried  to  prove  the  correctness  of  the  multi-writer  register  given  in  [PB],  using 
the  proof  methods  of  [BB].  His  proof  revealed  that  the  protocol  in  [PB]  was  incorrect, 
and  revealed  how  to  fix  it. 


The  academic  year  is  over,  and  Russel  Schaffer  does  not  have  access  to  computers  at 
the  moment.  A  few  minor  changes  have  been  made  to  this  document;  a  more  polished 
version  is  in  preparation.  (In  particular,  the  initial  writes  to  the  register  will  be  handled 
correctly,  and  a  somewhat  more  intuitive  reader-placement  proof  will  be  presented.)  As 
register  protocols  are  an  active  area  of  research,  it  seems  desirable  to  make  this  work 
available  in  preliminary  form  as  soon  as  possible. 

True  understanding  of  a  register  algorithm  is  as  hard  to  hold  as  an  Aurora  Borealis, 
and  as  hard  to  put  in  words.  Even  the  simplest  protocols  are  very  hard  to  understand 
correctly, and the best researchers in the field have been misled by their intuition.


Schaffer  does  not  depend  on  intuition.  Every  statement  in  this  proof  is  in  ordinary 
mathematical language; if you're not sure of exactly what it means, you can look at
the definitions and watch the automaton make transitions and figure it out.¹ Every
statement  in  this  proof  can  be  understood  and  checked  without  undue  effort.  Given 
time  and  energy  -  mathematical  inspiration  is  not  necessary  -  this  proof  can  be  verified. 

I  hope  that  this  work  will  provide  inspiration  to  researchers  trying  to  write  easily 
understandable,  checkable,  and  complete  proofs  of  atomic  register  protocols. 


Bard  Bloom,  editor 
Cambridge,  Mass 
June  9,  1988 

¹ Actually, you do have to compile the Pascal code to I/O Automaton states yourself.


1  Introduction 


The problem of constructing a multi-writer, multi-reader atomic register was first
introduced by Lamport [LL] and Peterson [P]. It has, at this point, been addressed by several
papers by different authors [BB],[IL],[LV],[PB],[VA]. As a result of the difficult nature
of the problem, however, most of these papers are rather hard to understand; it is
not generally easy to grasp the intuition behind some of the algorithms, and the proofs
of correctness provided are sometimes not as rigorous or detailed as one would desire
for a problem of this difficulty. Indeed, in the cases of [PB] and [VA], close examination
of the algorithms uncovered problems with the correctness of the algorithms.

There is, however, one paper on the subject that distinguishes itself as both
intuitively appealing and completely rigorous; that paper presents a construction for the
specific case of a two-writer, multi-reader atomic register [BB]. It is the purpose of this
paper to provide both an intuitive feel for and a rigorous proof of correctness of a
modified version of the more general algorithm presented in [PB]; [BB] is used as a
model for this paper. Consequently, many of the facts proved in this paper are the same
as or resemble those proved in [BB] or [PB]. The terminology and notation of these
papers has been largely retained in the interest of consistency.

It  was  necessary  to  prove  correct  a  modified  version  of  the  algorithm  from  [PB] 
because,  in  the  course  of  developing  this  proof,  bugs  were  found  in  the  algorithm  from 
[PB].  Changes  were  thus  made  to  the  algorithm  from  [PB],  some  of  them  in  consultation 
with  one  of  the  authors  of  [PB],  to  correct  the  problems  with  the  published  algorithm. 

The modified version of the algorithm from [PB] constructs an m-writer n-reader
atomic register from m 1-writer m+n-reader atomic registers. The algorithm requires
that each of these registers be large enough to contain any of the values that could be
written to the m-writer n-reader atomic register, as well as O(m) storage for control
information that is used by the algorithm. In the worst case, the algorithm requires
O(m²) accesses to 1-writer m+n-reader atomic registers to perform a write to or a read
of the m-writer n-reader atomic register.

The  proof  of  correctness  of  the  algorithm  is  carried  out  within  the  framework  of  the 
I/O  automaton  model.  It  is  based  on  arguments  about  the  order  of  particular  actions 
in  sequences  of  actions,  and  proceeds  by  proving  various  lemmas  and  theorems  that 
capture  the  essential  aspects  of  the  algorithm  in  a  rigorous  way.  As  such,  a  careful 
reading  of  the  proof  should  convince  one  of  the  correctness  of  the  algorithm. 

The next section of the paper presents the I/O automaton in the context of which the
proof of correctness will be developed. The following section presents, in formal terms,
the problem that we are trying to solve. The fourth section presents the architecture
that will implement the solution. The fifth section gives an informal description of the
various aspects of the algorithm. The sixth section gives a formal description, in the
form of code, of the algorithm. The seventh section presents the proof of correctness.
The eighth section presents the conclusions of the paper. Finally, the appendix presents
the counterexamples that were found to the algorithm published in [PB]. The paper
body should be read sequentially. The appendix, however, depends only on the first
six sections of the paper.


2  The  Model 

This paper presents the algorithm within the framework of the I/O automaton model.
The following formal description of a subset of that model is copied, with modifications,
from [Ly]. Further description of this model may be found in [LT1] and [LT2].

We  will  assume  a  universal  set  of  actions.  Sequences  of  actions  will  be  used  to 
describe  the  behavior  of  modules  in  concurrent  systems.  Since  the  same  action  may 
occur  several  times  in  a  sequence,  it  is  convenient  to  distinguish  the  different  occurrences; 
we  refer  to  a  particular  occurrence  of  an  action  in  a  sequence  as  an  event. 

The  actions  of  each  automaton  are  classified  as  input,  output,  or  internal.  The 
distinctions  are  that  input  actions  are  not  under  the  automaton’s  control,  output  actions 
are  under  the  automaton’s  control  and  externally  observable,  and  internal  actions  are 
under  the  automaton’s  control  but  not  externally  observable.  In  order  to  describe  this 
classification,  each  automaton  comes  equipped  with  an  “action  signature”. 

An action signature S is an ordered triple consisting of three pairwise-disjoint sets
of actions. We write in(S), out(S) and int(S) for the three components of S, and refer
to the actions in the three sets as the input actions, output actions and internal actions
of S, respectively. We will let acts(S) = in(S) ∪ out(S) ∪ int(S) and will refer to acts(S)
as the set of actions of S. We will refer to the actions under the automaton's control
as local(S); local(S) = out(S) ∪ int(S). The actions ext(S) = in(S) ∪ out(S) will be
referred to as the external actions of the automaton.

Since I/O automata are intended to model complex systems with any number of
primitive components, each automaton A comes equipped with an abstract notion of
“component”; formally, these components are described by an equivalence relation on
local(sig(A)) where all the actions in one equivalence class are to be thought of as under
the control of the same primitive system component.

We will think of an I/O automaton as consisting of the following components:

1. An action signature sig(A).

2. A set states(A) of states.

3. A nonempty set start(A) ⊆ states(A) of start states.

4. A transition relation steps(A) ⊆ states(A) × acts(sig(A)) × states(A), with the
property that for every state s' and input action π there is a transition (s',π,s)
in steps(A).

5. An equivalence relation, as described above, part(A) on local(sig(A)) having at
most countably many equivalence classes.

We refer to an element (s',π,s) of steps(A) as a step of A.

An execution of A is a finite or infinite alternating sequence of states and actions
such that s_0 ∈ start(A). We denote the set of executions of A by
execs(A). Throughout the proof of correctness of the algorithm, we will want to refer
to states within the context of an execution. Thus when we refer to the state s_i in the
execution above, we are referring to both its place in the execution and to the global
state of the automaton that it represents. Consequently, it will make sense to say that
s_1 < s_2 or s_1 < π_2 in the above execution.

A fair execution of an automaton A is defined to be an execution α of A such that
the following conditions hold for each class C of part(A).

1. If α is finite, then no action of C is enabled in the final state of α.

2. If α is infinite, then either α contains infinitely many events from C, or else α
contains infinitely many occurrences of states in which no action of C is enabled.

Thus, a fair execution gives “fair turns” to each class of part(A).

A finite or infinite sequence of actions of A is said to be a schedule of A if it is the
subsequence of some execution e of A consisting of all of the actions in e. We denote
the set of schedules of A by scheds(A). A schedule is said to be a fair schedule if it is
the subsequence of actions of some fair execution.

The  remaining  definitions  relate  the  method  by  which  a  collection  of  automata  is 
composed  to  form  a  new  automaton. 

A countable collection 𝒮 of action signatures is said to be compatible if it satisfies
the following two properties for every S', S'' ∈ 𝒮, S' ≠ S'':

1. out(S') ∩ out(S'') = ∅.

2. int(S') ∩ acts(S'') = ∅.

Thus, no action is an output of more than one signature in the collection, and internal
actions of any signature do not appear in any other signature in the collection.

The composition S of a countable collection 𝒮 of compatible action signatures is
defined to be the action signature with

1. in(S) = ⋃_{S' ∈ 𝒮} in(S') \ ⋃_{S' ∈ 𝒮} out(S').

2. out(S) = ⋃_{S' ∈ 𝒮} out(S').

3. int(S) = ⋃_{S' ∈ 𝒮} int(S').



Thus,  output  actions  are  those  that  are  outputs  of  any  of  the  component  signatures, 
and  similarly  for  internal  actions.  Input  actions  are  any  actions  that  are  inputs  to  any 
of  the  component  signatures,  but  outputs  of  no  component  signature. 

The composition A of a countable collection 𝒜 of automata with compatible action
signatures has the following components; let I be an index set for 𝒜:

1. sig(A) is the composition of {sig(A') | A' ∈ 𝒜}.

2. states(A) = ∏_{i ∈ I} states(A_i).

3. start(A) = ∏_{i ∈ I} start(A_i).

4. steps(A) is the set of triples

((s'_i), π, (s_i)) ∈ states(A) × sig(A) × states(A)

such that for all i ∈ I: if π ∈ acts(A_i) then (s'_i, π, s_i) ∈ steps(A_i) and if π ∉
acts(A_i) then s'_i = s_i.

5. part(A) = ⋃_{A' ∈ 𝒜} part(A').

Each  step  of  the  composition  automaton  thus  consists  of  all  the  automata  that  have 
a  particular  action  in  their  signatures  performing  that  action  concurrently,  while  the 
automata  that  do  not  have  that  action  in  their  signatures  do  nothing.  In  other  words, 
all  component  automata  in  a  composition  continue  to  act  autonomously. 
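
The compatibility test, the composite signature and the composite step defined in this section, as an added example in Python that is not part of the original report. The two component automata (a one-shot client and a one-writer register holding the value 7), their action names and the use of a deterministic step function in place of the transition relation are assumptions made for the illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Callable


@dataclass(frozen=True)
class Signature:
    inputs: frozenset = frozenset()
    outputs: frozenset = frozenset()
    internals: frozenset = frozenset()

    def __post_init__(self):
        # An action signature is a triple of pairwise-disjoint sets.
        if (self.inputs & self.outputs or self.inputs & self.internals
                or self.outputs & self.internals):
            raise ValueError("in, out and int must be pairwise disjoint")

    @property
    def acts(self):
        return self.inputs | self.outputs | self.internals


def compatible(sigs):
    """No action is an output of two signatures; internals are private."""
    for a, b in combinations(sigs, 2):
        if a.outputs & b.outputs or a.internals & b.acts or b.internals & a.acts:
            return False
    return True


def compose_signatures(sigs):
    """Outputs and internals are unions; inputs are inputs that nobody outputs."""
    if not compatible(sigs):
        raise ValueError("signatures are not compatible")
    outs = frozenset().union(*(s.outputs for s in sigs))
    ints = frozenset().union(*(s.internals for s in sigs))
    ins = frozenset().union(*(s.inputs for s in sigs)) - outs
    return Signature(ins, outs, ints)


@dataclass(frozen=True)
class Automaton:
    sig: Signature
    start: object
    # step(state, action) -> next state, or None when the action is not enabled.
    # A function instead of a relation: a deterministic simplification.
    step: Callable


def composite_step(automata, states, action):
    """Components that have the action take it together; the rest keep their state."""
    nxt = []
    for a, s in zip(automata, states):
        if action in a.sig.acts:
            t = a.step(s, action)
            if t is None:
                return None
            nxt.append(t)
        else:
            nxt.append(s)
    return tuple(nxt)


def run(automata, schedule):
    """Final composite state after the schedule, or None if some action is not enabled."""
    states = tuple(a.start for a in automata)
    for action in schedule:
        states = composite_step(automata, states, action)
        if states is None:
            return None
    return states


# Constructed components (hypothetical, for illustration only).
def client_step(state, action):
    if action == "start_w(7)":
        return "waiting" if state == "idle" else None
    if action == "finish_w":               # input action: enabled in every state
        return "done"
    return None


def register_step(state, action):
    stored, phase = state
    if action == "start_w(7)":             # input action: enabled in every state
        return (stored, "started")
    if action == "atomic(w)":              # internal action: the write takes effect
        return (7, "written") if phase == "started" else None
    if action == "finish_w":
        return (stored, "idle") if phase == "written" else None
    return None


CLIENT = Automaton(Signature(inputs=frozenset({"finish_w"}),
                             outputs=frozenset({"start_w(7)"})),
                   "idle", client_step)
REGISTER = Automaton(Signature(inputs=frozenset({"start_w(7)"}),
                               outputs=frozenset({"finish_w"}),
                               internals=frozenset({"atomic(w)"})),
                     (0, "idle"), register_step)
```

In the composite signature `start_w(7)` is an output and no longer an input, because one component outputs it.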


3  The  Problem 

The  problem  of  constructing  an  m-writer  n-reader  atomic  register  will  be  seen  as  that 
of  constructing  an  I/O  automaton  with  the  following  actions  and  properties: 

1. The I/O automaton should have the input actions Start_W(i,v) and output
actions Finish_W(i) for all i, 1 ≤ i ≤ m and all values v the register is capable of
containing. Similarly, it should have input actions Start_R(j) and output actions
Finish_R(j,v) for all j, 1 ≤ j ≤ n.

2. In any fair execution of the automaton, there is no event Start_W(i,v') interposed
between a given event Start_W(i,v) and the first event Finish_W(i) to follow the
event Start_W(i,v). Also, there is no event Finish_W(i) between a given event
Finish_W(i) and the first event Start_W(i,v) to follow Finish_W(i). Similarly for
the Start_R(j) and Finish_R(j,v).²

3. Given a fair schedule β of the automaton, it should be possible to insert an action
Atomic_W(i) between any event Start_W(i,v) and the following Finish_W(i), and an
event Atomic_R(j) between any event Start_R(j) and the following Finish_R(j,v),
to create a new schedule β' about which the following is true: given any events
Atomic_W(i) and Atomic_R(j) in β', if e_W = Start_W(i,v_W) is the last event of the
form Start_W(i,v) preceding Atomic_W and if e_R = Finish_R(j,v_R) is the first event
of the form Finish_R(j,v) following Atomic_R, then v_W = v_R.

An m-writer n-reader atomic register is an automaton that satisfies the above
requirements in such a manner that readers and writers do not wait (a condition we will
elaborate upon later).

² This definition is formally incorrect; all I/O automata are input-enabled, and cannot refuse
Start_W(i,v) actions. The correct way to state this in this model is to allow the automaton any
behavior for sequences which violate this condition; see [BB]. This will be corrected in a later version of
the paper. — ed.

Intuitively, the first of the above requirements states that there are m channels along
which writers i may initiate writes of values v to the m-writer n-reader atomic register,
and n channels along which readers j may initiate reads of the value in the register.
Requests to initiate reads and writes of the register are acknowledged when the reads
and writes have completed; acknowledgements of read requests return the value v that
was read by the read.

The second requirement states that no writer or reader should initiate a new write
or read until an acknowledgment of completion is received for the last write or read
initiated. Similarly, it implies that each write or read is acknowledged exactly once.
Note that the requirement that writers and readers wait for acknowledgements is beyond
the control of the register automata; we will expect that writers and readers comply
with this requirement and will not define the behavior of the register if they do not.

The final requirement above states that we should be able to linearly order the reads
and writes in a manner that is consistent both with the order in which the reads and
writes occurred and with the behavior we expect of a register. We should thus be able to
think of overlapping writes and reads as having occurred in some fixed order such that
each read returns the value written by the last write that preceded it in the order.


4  The  Architecture


We will implement such an m-writer n-reader atomic register as a composition of
automata as shown in figure 1.

In figure 1, the circles represent distinct I/O automata, and the lines represent
channels between them. The heavy lines represent write channels, while the lighter lines
represent read channels.

Figure 1: The composition automaton.



Each Writer i denotes an I/O automaton executing the algorithm's writer's
protocol. The actions Start_W(i,v) and Finish_W(i) are input and output actions of the
Writer i automaton. We will think of a particular write W of the value v to the m-writer
n-reader atomic register as the Start_W(i,v) event that initiates W, the Finish_W(i)
event that acknowledges completion of W, and all actions that the Writer i automaton
performs in between. For convenience, we will refer to the particular Start_W(i,v)
event that initiates W as Start(W) and to the Finish_W(i) event that terminates W as
Finish(W); the value v written by W will be referred to as Value(W).

Similarly, each Reader j denotes an I/O automaton executing the algorithm's reader's
protocol. The actions Start_R(j) and Finish_R(j,v) are input and output actions of the
Reader j automaton. We will think of a read R of the m-writer n-reader atomic register
in a manner analogous to that in which we think of a write W to the register. We will
define Start(R) and Finish(R) analogously to Start(W) and Finish(W) above. The
value v returned by a read R will be referred to as Value(R).

Finally, each Register i represents a 1-writer, m+n-reader atomic register automaton
that has the external actions start_w(v), finish_w, start_r(i), and finish_r(i,v) which
are defined analogously to the Start_W(i,v), Finish_W(i), Start_R(j), and Finish_R(j,v)
actions of the m-writer n-reader atomic register. We will define reads r, writes w,
start(r), finish(r), start(w), and finish(w) for the 1-writer m+n-reader atomic
registers analogously to the definitions we made above for the m-writer n-reader atomic
register. Also, for each read r and write w of a 1-writer m+n-reader atomic register
we will assume the existence of the actions atomic(r) and atomic(w) at which we can
think of r and w as having taken place.
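
Requirement 3 of Section 3, and the atomic(r) and atomic(w) actions assumed just above, both ask for one point inside each operation's Start..Finish interval such that every read returns the value of the latest preceding write. The checker below is an added example, not code from the report: it takes a finite schedule of complete operations and searches for such an order. The tuple encoding of events, the explicit `initial` register value, the function names and both sample schedules are assumptions constructed for the illustration.

```python
def parse_operations(schedule):
    """Pair Start/Finish events per channel, enforcing requirement 2 of Section 3."""
    pending, ops = {}, []
    for pos, (name, proc, *value) in enumerate(schedule):
        phase, kind = name.split("_")            # "Start_W" -> ("Start", "W")
        key = (kind, proc)
        if phase == "Start":
            if key in pending:
                raise ValueError(f"{name}({proc}) at {pos}: previous operation not finished")
            pending[key] = (pos, value[0] if value else None)
        else:
            if key not in pending:
                raise ValueError(f"{name}({proc}) at {pos}: no matching Start")
            start, written = pending.pop(key)
            ops.append({"kind": kind, "proc": proc, "start": start, "finish": pos,
                        "value": written if kind == "W" else value[0]})
    if pending:
        raise ValueError("schedule ends with unfinished operations")
    return ops


def atomic_order(schedule, initial):
    """Return the operations in an order of valid atomic points, or None if none exists."""
    ops = parse_operations(schedule)
    dead = set()                                 # (remaining ops, register value) known to fail

    def search(remaining, current):
        if not remaining:
            return []
        if (remaining, current) in dead:
            return None
        first_finish = min(ops[k]["finish"] for k in remaining)
        for k in sorted(remaining):
            op = ops[k]
            if op["start"] > first_finish:
                continue                         # another operation finished before this one began
            if op["kind"] == "R" and op["value"] != current:
                continue                         # a read must return the latest written value
            nxt = op["value"] if op["kind"] == "W" else current
            rest = search(remaining - {k}, nxt)
            if rest is not None:
                return [(op["kind"], op["proc"], op["value"])] + rest
        dead.add((remaining, current))
        return None

    return search(frozenset(range(len(ops))), initial)


# Constructed schedule: two overlapping writes; the first read overlaps the write of "b".
ATOMIC = [
    ("Start_W", 1, "a"), ("Start_W", 2, "b"), ("Finish_W", 1),
    ("Start_R", 1), ("Finish_W", 2), ("Finish_R", 1, "a"),
    ("Start_R", 1), ("Finish_R", 1, "b"),
]

# Constructed schedule: reader 1 returns "b", then a strictly later read returns the older "a".
INVERTED = [
    ("Start_W", 1, "a"), ("Finish_W", 1), ("Start_W", 2, "b"),
    ("Start_R", 1), ("Finish_R", 1, "b"),
    ("Start_R", 2), ("Finish_R", 2, "a"), ("Finish_W", 2),
]
```

The search is exponential in the worst case, which is acceptable for the short schedules used when checking a protocol trace by hand.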

By the wait-free condition that we require of our m-writer n-reader atomic register
we will mean that for any read R by any reader j in any fair execution of the automaton,
the number of events performed by the Reader j between Start(R) and Finish(R) is
bounded by a fixed constant C_R. Similarly, the number of events performed by any
Writer i automaton as part of any write in any fair execution must be bounded by
some fixed constant C_W.


5  Informal  Description  of  the  Algorithm 

5.1  The  1- Writer  Registers 

So  far  we  have  established  the  composition  automaton  that  executes  the  algorithm.  We 
will  now  present  a  bit  of  intuition  to  explain  how  the  algorithm  should  work.  Note 
that  this  is  not  a  proof  of  correctness.  We  will  first  discuss  the  “version  numbers”  that 
are  maintained  by  the  writer  automata  in  their  associated  1-writer  m+n-reader  atomic 
registers. 

When a reader automaton receives a request to begin a read of the value in the
m-writer n-reader atomic register implemented by the composition automaton described
earlier, it must somehow figure out which writer's register contains the value that is the
correct one to return. To aid in this process, each writer maintains a set of “version
numbers” which are visible to the readers and on the basis of which a current value may
be selected. The information maintained by each writer i in its register is as follows:

VN[i,j]  Every time writer i performs a write that does not time out (we will discuss
what that means later) to the m-writer n-reader atomic register, a new value
of VN[i,j] is written into writer i's register for every writer j. As such one may
think of VN as standing for the Version Number of the most recent write. The
rules for choosing the new VN[i,j] will be discussed later.

PVN[i,j]  Even though writer i changes its VN[i,j] every time it performs a write
that does not time out, the old value of VN[i,j] does not immediately disappear;
whenever the value of VN[i,j] changes, its old value is rewritten by writer i into
its register as the value PVN[i,j]. As such, PVN may be thought to stand for
Previous Version Number.

OVN[i,j]  In the process of performing a write W, writer i reads the version numbers
contained in the other writers' registers and writes them into its own register; the
value read for VN[j,i] is written by writer i into its register as OVN[i,j]. It is
thus natural to think of OVN as standing for Other's Version Number. Since
they record some global state of the VN's that occurred during the write W, these
values serve as a sort of timestamp to communicate the relative recency of the
value, Value[i], in register i.

Value[i]  At the same time that it writes the VN[i,j], PVN[i,j], and OVN[i,j], writer i
also writes to its register the value, Value(W), that it is in the process of writing
to the m-writer n-reader atomic register. This value is written by writer i into its
register as Value[i].

PreOVN[i,j]  This value is used only by writers. It contains either the current value of
OVN[i,j], or a value of OVN[i,j] that writer i is planning to write but has not
yet written.

It is sometimes difficult to keep all of these different indexed variables straight; a
partial aid to remembering them is provided by noting that the first index of a variable
is always the index of the writer in whose 1-writer m+n-reader register the variable
resides. The VN[i,j] reside in the register of writer i and are thus written exclusively
by writer i; similarly for the other indexed variables.

Another important point to remember is that the first four variables, the VN[i,j],
PVN[i,j], OVN[i,j], and Value[i], are written to writer i's register at most once during
any write W by writer i. These variables are written all at once in a single write
to writer i's atomic register, and performing this write is the last step in the writers'
protocol before the Finish(W) action at the end of the protocol. Consequently, the
values of these variables remain constant between the atomic actions, atomic(w), of
such writes. The values of the PreOVN[i,j] change at other times.

These variables will initially be set to:

VN[i,j] = 2

OVN[i,j] = PVN[i,j] = PreOVN[i,j] = 1

for all writers i and j. The initial value that the m-writer n-reader atomic register is
to contain should be placed in Value[m]; the initial values of Value[k] for k ≠ m are of
no importance.

5.2  The  Reader’s  Protocol 

The importance of these variables to reads is that by examining the relative values
of the VN, PVN, and OVN, a reader automaton should be able to determine to a
large extent which writers wrote most recently. Consequently, a reader is capable of
determining which of the Value[i] is the correct one to return. The following facts are
useful in this respect:

1. If at some point OVN[i,j] = VN[j,i], then at that point, we will consider the
most recent write by writer i to be more recent than the most recent write by
writer j. This is so for the following reason: when writer i was selecting the
value of VN[j,i] to write as OVN[i,j] during its last write, it chose the value
VN[j,i] written by the most recent write by writer j; this implies that the most
recent write by writer i was still deciding what to write after the point where the
most recent write by writer j had already written. Loosely speaking, we say that
writer i “sees” the version number VN[j,i] that was written by the most recent
write by writer j. This means that if writer i “sees” writer j's version number,
then the last write by writer i will be considered to be more recent than that of
writer j.

2. If writer i “sees” neither the VN nor the PVN of writer j, that is if OVN[i,j] ≠
VN[j,i] and OVN[i,j] ≠ PVN[j,i] at some point, then as of that point, the
most recent write by writer i is considerably less recent than that by writer j.
This is so because writer j must have written at least twice since the most recent
write by writer i was selecting the value of VN[j,i] it would write as OVN[i,j].
This would imply that the value contained in Value[i] is particularly archaic; in
general, a read should avoid returning such a value.

3. At no point does any writer ever “see” its own version number; that is, at all
points, OVN[i,i] ≠ VN[i,i]. At the same time, however, every writer always
“sees” its own PVN; at all points OVN[i,i] = PVN[i,i].
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Of  these  three  facts,  the  first  is  by  far  the  most  important.  Indeed,  it  captures  the 
essence  of  the  purpose  of  the  version  numbers.  It  is  on  the  basis  of  this  fact  that  we 
make  the  following  informal  definition.  At  a  given  point  for  a  given  writer  t,  we  will 
define  VNS(i)  to  be: 

VNS(i)  =  0'|1  <  j  <  m,OVN[i,j]  =  VN{j,i}}. 

It is an important fact about the VNS that for any point and any writers i and j,
either VNS(i) ⊆ VNS(j) or VNS(j) ⊆ VNS(i) at that point. (By A ⊆ B we will
mean that every element of A is also an element of B.) This means that at each point
there will be some writer k for which VNS(i) ⊆ VNS(k) for all writers i. The first fact
above implies that if VNS(i) is a proper subset of VNS(k) for some writer i, that is, if
writer i “sees” the version numbers of fewer writers than does writer k, then Value[k]
should be treated as being more recent than Value[i]. Since set inequality implies set
inclusion, we conclude that |VNS(i)| is a valid measure of the relative recency of the
last write of Value[i].

Unfortunately, |VNS(i)| is not an adequate measure of recency to determine uniquely
which writer wrote most recently and thus which writer’s register contains the “current”
value of the m-writer n-reader register. It is possible to have two separate writers i and
j, i ≠ j, that write at more or less the same time resulting in VNS(i) = VNS(j) and
VNS(k) ⊆ VNS(i) for all writers k. Thus an additional measure of the recency of a
write is needed. To this end we will employ the second fact from above and define, for
a given point and a given writer i, the value N(i) at that point to be:

N(i) = 1  if for all writers j, OVN[i,j] ∈ {VN[j,i], PVN[j,i]}
       0  otherwise.

By the second fact from above, Value[i] for a writer i for which N(i) = 1 should
be considered to be more recent than Value[j] for a writer j for which N(j) = 0.
It would be quite desirable if the two measures of recency that we have just defined,
|VNS(i)| and N(i), did not contradict each other; that is, if |VNS(i)| > |VNS(j)| then
N(i) ≥ N(j). We will prove that these two measures do not contradict each other; the
sum N(i) + |VNS(i)| thus serves as a better measure of recency than |VNS(i)| alone.

Unfortunately, |VNS(i)| + N(i) is still not an adequate measure of recency of
Value[i] to uniquely determine the “current” value of the m-writer n-reader atomic
register. It is again possible to have distinct writers i and j such that |VNS(i)| + N(i) =
|VNS(j)| + N(j) and |VNS(k)| + N(k) ≤ |VNS(i)| + N(i) for all writers k. Fortunately
|VNS(i)| + N(i) is a strong enough measure of recency that we can make the
following definition, for a given point, of F at that point: if M is the maximum value of
|VNS(i)| + N(i) for any writer i, then let F be the largest numbered writer for which
|VNS(F)| + N(F) = M. It is clear that at any point, the value of F is unique. Our
proof of correctness will show that Value[F] may be viewed as the “current” value of
the m-writer n-reader atomic register.

So far we have explained how one determines the “current” value of the m-writer
n-reader register based on the values of the VN, PVN, and OVN. What we have not
done is to state how a reader goes about reading a set of such values. If a reader were
simply to scan the writers’ registers in succession, starting with a read of all the values
in writer 1’s atomic register and finishing with a read of the values in writer m’s atomic
register, then if we were to compute F on the basis of the values observed, Value[F]
need not be a correct value to return. It is entirely possible that the writers could write
as the scan is taking place; such writes could write values of the VN, PVN, and OVN
that mislead a read into returning a value that is not at all current.

This is clearly undesirable behavior. So we ask if a reader would get a consistent
set of values if it were to scan the values of the writers’ registers twice, starting with a
read of the values in writer 1’s register through a read of writer m’s register followed
by another read of writer 1’s register and so on through a final read of the values in
writer m’s register. If we were to require that the values VN[i,j] observed by the first
scan be identical with the values VN[i,j] observed by the second scan for all writers i
and j, would the second scan yield a set of values from which we could determine F such
that Value[F] is a valid value to return? This is the approach adopted by the code in
[PB]. This approach does not work; it is the basis for the first counterexample. Indeed,
even if one were to require that not only the VN's but the PVN's and the OVN's as
well remain constant across the two scans, then the second scan still does not return a
set of values for which Value[F] is necessarily a correct value to return. The algorithm
that we will prove correct incorporates a suggestion by Burns that a reader require that
all of the VN's, OVN's, and PVN's remain constant across three consecutive scans of
the writers’ registers.

There is still one question about the way the read protocol determines the value of
F that remains unresolved. It is entirely possible that a reader could perform an infinite
sequence of scans and never see two consecutive scans that are identical. To solve this
problem, readers keep track of the writers whose values they have seen change between
scans. If, in the course of a read R, it is observed that a writer i has changed its values
two times, then because writes by a single writer are not permitted to overlap in time,
the write W2 that caused the second change of value must have started after the end of
the write W1 that caused the first change of value. Since changing the values visible to
readers is the last step in the writer’s protocol, we conclude that essentially the entire
write W2 was performed after the start of the read R but before the scan that observed
the second change in the values in writer i's register. This means that to return the
value, Value[i], written by the write W2 is to return a legitimate value for the read R;
the point at which we can think of the write W2 as having occurred atomically will
necessarily be contained within the bounds of R, so if we think of R as having occurred
immediately after that point, we see that it is valid if Value(R) = Value(W2). If a
reader observes that a writer i has changed its value twice, then it will take this course
of action, returning the value of Value[i] observed after the second change; reads that
return a value determined in such a way are said to have “timed out.”

By the pigeonhole principle, it is necessary that after 2m + 3 consecutive scans of
the registers, either three consecutive scans have returned the same values for all of the
writers, or some writer has been seen to change its values at least twice. Thus, by the
time at most 2m + 3 scans have been completed as part of a read, that read has either
timed out, or has terminated normally having completed three consecutive scans that
return the same values.

In  summary,  the  algorithm’s  reader’s  protocol  operates  as  follows: 

1. A reader performing a read first scans the writers’ registers attempting to make
three consecutive scans that return the same values of VN[i,j] for all writers i
and j. By the end of at most 2m + 3 scans, either three such scans will have been
observed, or the read will have timed out returning a value written by a writer
whose values have been observed to change twice. If three consecutive scans return
the same values of the VN[i,j] then the values observed by the third scan are used
in the next step to determine the value to return.

2. On the basis of the values read in the first step, the values of |VNS(i)|, N(i),
and F are computed. The value of Value[F] seen during the third of the three
consecutive, identical scans from the first step is then returned.

This  concludes  our  discussion  of  how  readers  choose  the  values  they  are  to  return. 

5.3  The  Writer’s  Protocol 

We  have  discussed  a  reader’s  choice  of  a  value  to  return  based  on  the  existence  of  several 
variables  maintained  by  the  writer  automata.  We  have  yet  to  demonstrate  how  these 
variables  are  maintained.  We  will  do  so  now. 

Just as a reader must first read the values in all of the writers’ registers to determine
what value to return, so too a writer must first read all of the writers’ registers to
determine what to write. Writers read the VN, OVN, and PreOVN in a manner
almost identical with that in which readers read the VN, PVN, and OVN (although
the reason why the method works is somewhat different in the two cases). As before, a
writer obtains values for the VN, OVN, and PreOVN by making scans of the writers’
registers. This time, if across three consecutive scans, none of the VN, PVN, or OVN
is seen to change, then the writer may assume that the values read by the last of the
three scans represent a state of the world on the basis of which the writer may complete
its write. It is very important to note that a writer does not require that the PreOVN
remain constant across scans; only the VN, PVN, and OVN must remain constant
across scans.

Assuming that a writer i has, at some point, successfully read the values of VN[j,k],
OVN[j,k], and PreOVN[j,k], for all writers j and k, it chooses the values it will write
for the VN[i,j], PVN[i,j], and OVN[i,j], for all writers j as follows:


VN[i,j] Since we want to have OVN[j,i] = VN[i,j] only for writers j whose most
recent writes are more recent than the most recent write by writer i, we must
choose VN[i,j] ≠ OVN[j,i]. Similarly, since PreOVN[j,i] is the value that an
ongoing write by writer j is planning to write for OVN[j,i], we want to choose
VN[i,j] ≠ PreOVN[j,i]; otherwise we would imply falsely that the ongoing write
by writer j had chosen the value it is to write for OVN[j,i] on the basis of the
value of VN[i,j] that we are choosing here but have not yet written. Finally, since
VN[i,j] is to serve as a “version number” for the current write by writer i, it must
be different from the value previously written for VN[i,j]. We thus choose the
new value for VN[i,j] to be an arbitrary element of the observed set:

{1, 2, 3, 4} \ {OVN[j,i], PreOVN[j,i], VN[i,j]}.

PVN[i,j] Since we want PVN[i,j] to be the value that was previously written for
VN[i,j], we will choose PVN[i,j] to be the observed value for VN[i,j]:

PVN[i,j] := VN[i,j].

OVN[i,j] As was mentioned during the discussion of the version numbers, the values
of the OVN[i,j] are to represent the values of the VN[j,i] observed by writer i.
Consequently, we assign:

OVN[i,j] := VN[j,i].

After a writer i performing a write W has chosen the values it is to write for VN[i,j],
PVN[i,j], and OVN[i,j], it proceeds to write to its register, in one fell swoop, Value[i],
and VN[i,j], PVN[i,j], and OVN[i,j] for all writers j.

The PreOVN[i,j] are written somewhat differently. As it is the purpose of the
PreOVN[i,j] to inform other writers of the value of OVN[i,j] that will be written,
but has not yet been written, it is vital that the PreOVN[i,j] be written as early as
possible. Thus the PreOVN[i,j] are written following the first scan of the writers’
registers and following each subsequent scan that returns values different from those
returned by the previous scan. Thus each time a scan returns a potentially new set of
VN[j,i], we write the new values:

PreOVN[i,j] := VN[j,i]

for all writers j.

As was the case with the reader’s protocol, a writer performing a write could perform
an infinite sequence of scans and never see three consecutive scans return the same
values. The solution here is the same as with the reader’s protocol. As a writer i performs
scans of the writers’ registers, it keeps track of those writers that have been seen to
change values between scans. As before, if some writer is seen to change its values more
than once, the last write was performed within the time bounds of writer i’s current
write. The “atomic” action for writer i’s current write may thus be placed immediately
before that of the write that is performed within its Start and Finish bounds;
writer i simply terminates its write without changing Value[i], VN[i,j], PVN[i,j], or
OVN[i,j]. A writer that terminates in this manner is said to have “timed out.” Note
that since writer i does not change its values while it is scanning (the PreOVN[i,j]'s
are not compared across scans), and three consecutive, identical scans are needed, the
pigeonhole principle dictates a ceiling on the number of scans that a writer need perform
that is somewhat different from the corresponding ceiling for readers; after at most
2m + 1 scans, a writer has either seen three consecutive, identical scans or has timed
out.

Thus  we  can  summarize  the  operation  of  the  writer’s  protocol  as  follows: 

1. A writer performing a write first repeatedly performs scans of the writers’ registers.
After each scan (except the first), the values read for the VN, PVN, and OVN
are compared to those that were read by the previous scan; if any of these variables
is seen to change, note is made of the writer that performed the change.

2. After the first scan and after each subsequent scan that observes values different
from those of the scan that preceded it, the writer writes out its PreOVN[i,j]'s.

3. If after 2m + 1 scans, no three consecutive scans have been observed to have
the same values, the write times out by exiting without doing anything further.
Otherwise, the values returned by the third scan of a set of three consecutive,
identical scans are taken to be a consistent state of the VN, OVN, and PreOVN.

4. New values are now chosen for the VN[i,j], OVN[i,j], and PVN[i,j] according
to the rules expressed earlier. After these values have been chosen, they, along
with the new value for Value[i] are written to writer i’s atomic register in a single
write.

This  completes  the  discussion  of  the  writer’s  protocol. 
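The selection rule for F and the writer's update rules can be exercised together. The following is an added example, not the report's code: it covers only writes that do not overlap, so one read of the registers stands in for three identical scans. Writers are numbered from 0, the initial register contents are an assumption, and min() stands in for the arbitrary choice of a new VN[i,j].

```python
VERSIONS = {1, 2, 3, 4}


class Registers:
    """Row i of each table is the content of writer i's single-writer register."""

    def __init__(self, m):
        self.m = m
        # ASSUMPTION: constructed initial state; it only respects fact 3
        # (OVN[i][i] != VN[i][i] and OVN[i][i] == PVN[i][i]).
        self.VN = [[1] * m for _ in range(m)]
        self.PVN = [[2] * m for _ in range(m)]
        self.OVN = [[2] * m for _ in range(m)]
        self.PreOVN = [[2] * m for _ in range(m)]
        self.value = [None] * m


def vns(r, i):
    """VNS(i): the writers j whose current version number writer i has seen."""
    return {j for j in range(r.m) if r.OVN[i][j] == r.VN[j][i]}


def n_flag(r, i):
    """N(i): 1 if writer i has seen the VN or the PVN of every writer, else 0."""
    seen_all = all(r.OVN[i][j] in (r.VN[j][i], r.PVN[j][i]) for j in range(r.m))
    return 1 if seen_all else 0


def current_writer(r):
    """F: the largest numbered writer whose |VNS(i)| + N(i) equals the maximum M."""
    scores = [len(vns(r, i)) + n_flag(r, i) for i in range(r.m)]
    best = max(scores)
    return max(i for i in range(r.m) if scores[i] == best)


def vns_is_chain(r):
    """True when every pair of VNS sets is ordered by inclusion."""
    sets = [vns(r, i) for i in range(r.m)]
    return all(a <= b or b <= a for a in sets for b in sets)


def sequential_write(r, i, value):
    """One complete, non-overlapping write by writer i."""
    m = r.m
    observed_vn = [row[:] for row in r.VN]      # the consistent state the scans return
    # PreOVN[i,j] := VN[j,i], written before the final values are chosen
    r.PreOVN[i] = [observed_vn[j][i] for j in range(m)]
    new_vn = []
    for j in range(m):
        excluded = {r.OVN[j][i], r.PreOVN[j][i], observed_vn[i][j]}
        new_vn.append(min(VERSIONS - excluded))  # any remaining element is allowed
    # the single write to writer i's register
    r.PVN[i] = observed_vn[i][:]                         # PVN[i,j] := VN[i,j]
    r.OVN[i] = [observed_vn[j][i] for j in range(m)]     # OVN[i,j] := VN[j,i]
    r.VN[i] = new_vn
    r.value[i] = value


def replay(m, order):
    """Run the writes in order; record (writer, F, chain property) after each."""
    r = Registers(m)
    history = []
    for step, w in enumerate(order):
        sequential_write(r, w, "value-%d" % step)
        history.append((w, current_writer(r), vns_is_chain(r)))
    return history


if __name__ == "__main__":
    for writer, f, chain in replay(4, [0, 2, 1, 1, 3, 0]):
        print("write by", writer, "-> F =", f, "chain:", chain)
```

With non-overlapping writes F always names the last writer; the counterexamples the report refers to arise only when writes and scans overlap, which this sketch does not model.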

6  Formal  Description  of  the  Algorithm 

The code for the algorithm we will be proving correct is found in figures 2 and 3. This
is essentially a re-written version of the code given in [PB] with the following changes of
significance: the number of consecutive, identical scans a reader makes is now three; all
of the VN's, PVN's, and OVN's are now compared between scans for both reads and
writes; and writers read the PreOVN's when they read the other values in the writers’
registers. The first two of these were suggested by Burns as corrections to eliminate
the first counterexample. The third is a fix to eliminate the conditions that led to the
second counterexample.


Note that the code for the writer’s protocol is specific to writer k; it makes use of
the variable k in the code so that it knows the register to which it may write. Readers,
on the other hand, all execute the same code. Note also that the only variables that are
shared among the protocols are the Value, VN, PVN, OVN, and PreOVN as these
are the only variables stored in the 1-writer m+n-reader atomic registers. All other
variables are local.

An additional note about the code is that all code within a given pair of ▷ ◁ symbols
is to be performed as a single read or write to a particular atomic register. Thus if a
loop is contained within the triangle symbols, the values to be written or read by the
loop are written or read all at once; the loop is only notation to quantify what gets
written or read.

The code for the reader’s protocol works as follows. The first two lines initialize
variables that are used for control purposes in the remainder of the code. The Same_Scans
variable records the number of identical scans that have been performed since the last
observed change between scans. The Timed_Out variable equals zero until such time
as some writer is observed to have twice changed the values in its register; it is set to
the number of a writer that performed two observed changes when such changes are
observed. The Changes_Seen array maintains the number of changes that each writer
has been observed to perform.

Following these variable initializations is the code that performs the first scan of the
writers’ registers; the code designated by the xScan(R)_i label indicates the values that
are to be read from each register i.

After  this  first  section  of  code  is  a  segment  of  code  that  is  repeated  at  most  2m  +  2 
times.  It  performs  the  following  steps: 

1. The values read by the previous scan are saved for future reference in the Saved_Scan
arrays.

2. Another scan is performed; again, the lines of code indicating which values are
read from register i are labeled xScan(R)_i.

3. The values read by the scan from the last step are compared with those read by
the previous scan; any registers that are observed to have changed their values are
recorded in the Changes_Seen array.

4. If any changes at all were observed between the last two scans, then a check is
made to see if any writer has now been observed to change its values twice, setting
Timed_Out appropriately if so. If, however, no changes were observed between
the last two scans, that fact is recorded by incrementing the running number of
consecutive, identical scans that is stored in Same_Scans.

This  sequence  of  steps  is  repeated  until  either  three  consecutive,  identical  scans  are 
observed  to  occur  or  some  writer  is  observed  to  change  twice. 


DEFINE
    Writer_Changed_Since_Last_Scan(i) ≡
          ∨_{1≤j≤m} (Scan_VN[i,j] ≠ Saved_Scan_VN[i,j])
        ∨ ∨_{1≤j≤m} (Scan_OVN[i,j] ≠ Saved_Scan_OVN[i,j])
        ∨ ∨_{1≤j≤m} (Scan_PVN[i,j] ≠ Saved_Scan_PVN[i,j]);
    Any_Change_Since_Last_Scan ≡ ∨_{1≤i≤m} Writer_Changed_Since_Last_Scan(i);
    VNS_Size(i) ≡ |{j ≤ m | Scan_OVN[i,j] = Scan_VN[j,i]}|;
    N(i) ≡ 1  if ∧_{1≤j≤m} Scan_OVN[i,j] ∈ {Scan_VN[j,i], Scan_PVN[j,i]}
           0  otherwise;
    M ≡ MAX{VNS_Size(i) + N(i)};
    F ≡ MAX{1 ≤ i ≤ m | VNS_Size(i) + N(i) = M};

BEGIN
    Same_Scans := 0; Timed_Out := 0;
    FOR i := 1 TO m DO Changes_Seen[i] := 0; END;
    FOR i := 1 TO m DO
        ▷ FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
          FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
          FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
          Scan_Value[i] := Value[i]; ◁
    END;
    Same_Scans := 1;
    REPEAT
        FOR i := 1 TO m DO
            FOR j := 1 TO m DO Saved_Scan_VN[i,j] := Scan_VN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_OVN[i,j] := Scan_OVN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_PVN[i,j] := Scan_PVN[i,j]; END;
        END;
        FOR i := 1 TO m DO
            ▷ FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
              FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
              FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
              Scan_Value[i] := Value[i]; ◁
        END;
        FOR i := 1 TO m DO
            IF Writer_Changed_Since_Last_Scan(i)
                THEN Changes_Seen[i] := Changes_Seen[i] + 1;
            END;
        END;
        IF Any_Change_Since_Last_Scan
            THEN Same_Scans := 1;
                FOR i := 1 TO m DO
                    IF Changes_Seen[i] = 2 THEN Timed_Out := i; END;
                END;
            ELSE Same_Scans := Same_Scans + 1;
        END;
    UNTIL Same_Scans = 3 OR Timed_Out ≠ 0;
    IF Timed_Out ≠ 0
        THEN RETURN(Scan_Value[Timed_Out]);
        ELSE RETURN(Scan_Value[F]);
    END;
END;

Figure 2: The reader’s protocol.

DEFINE
    Writer_Changed_Since_Last_Scan(i) ≡
          ∨_{1≤j≤m} (Scan_VN[i,j] ≠ Saved_Scan_VN[i,j])
        ∨ ∨_{1≤j≤m} (Scan_OVN[i,j] ≠ Saved_Scan_OVN[i,j])
        ∨ ∨_{1≤j≤m} (Scan_PVN[i,j] ≠ Saved_Scan_PVN[i,j]);
    Any_Change_Since_Last_Scan ≡ ∨_{1≤i≤m} Writer_Changed_Since_Last_Scan(i);

BEGIN
    Same_Scans := 0; Timed_Out := 0;
    FOR i := 1 TO m DO Changes_Seen[i] := 0; END;
    FOR i := 1 TO m DO
        ▷ FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
          FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
          FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
          PScan_PreOVN[i,k] := PreOVN[i,k];
          Scan_Value[i] := Value[i]; ◁
    END;
    Same_Scans := 1;
    REPEAT
        FOR i := 1 TO m DO
            FOR j := 1 TO m DO Saved_Scan_VN[i,j] := Scan_VN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_OVN[i,j] := Scan_OVN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_PVN[i,j] := Scan_PVN[i,j]; END;
        END;
        IF Same_Scans = 1
            THEN ▷ FOR i := 1 TO m DO PreOVN[k,i] := Scan_VN[i,k]; END; ◁
        END;
        FOR i := 1 TO m DO
            ▷ FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
              FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
              FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
              PScan_PreOVN[i,k] := PreOVN[i,k];
              Scan_Value[i] := Value[i]; ◁
        END;
        FOR i := 1 TO m DO
            IF Writer_Changed_Since_Last_Scan(i)
                THEN Changes_Seen[i] := Changes_Seen[i] + 1;
            END;
        END;
        IF Any_Change_Since_Last_Scan
            THEN Same_Scans := 1;
                FOR i := 1 TO m DO
                    IF Changes_Seen[i] = 2 THEN Timed_Out := i; END;
                END;
            ELSE Same_Scans := Same_Scans + 1;
        END;
    UNTIL Same_Scans = 3 OR Timed_Out ≠ 0;
    IF Timed_Out ≠ 0
        THEN RETURN;
        ELSE
            ▷ FOR i := 1 TO m DO
                  VN[k,i] := Any({1, 2, 3, 4} \ {Scan_VN[k,i], Scan_OVN[i,k], PScan_PreOVN[i,k]});
                  OVN[k,i] := Scan_VN[i,k];
                  PVN[k,i] := Scan_VN[k,i];
              END;
              Value[k] := VALUE; ◁
            RETURN;
    END;
END;


Figure 3: Writer k’s protocol.

The code for the reader’s protocol concludes by returning the appropriate value
depending upon whether it is to time out or terminate normally.

The code for the writer’s protocol begins very similarly to that for the reader’s
protocol. It initializes the control variables and performs a first scan of the writers’
registers in the same manner as the reader’s protocol. It then enters a section of repeated
code that is similar to the repeated section of the reader’s code, with the following differences:

1. Prior to performing a new scan, a check is made to see if the last scan performed
was the first scan or if it observed a change, that is, a check is made to see if
Same_Scans = 1. If so the values of the VN[i,k] are written out as the new
PreOVN[k,i]; otherwise no action is taken. The line of code that performs this
write is labeled PWrite(W).

2. The code that indicates what values are to be read during each scan, indicated by
the xScan(W)_i label, includes a line to read the

This section of code repeats at most 2m times, terminating when either three
consecutive, identical scans have been observed, or when some writer has been observed to
change its values twice.

If, during the repeated segment of code, some writer was observed to change twice,
the writer’s protocol now times out without doing anything further. Otherwise, the
appropriate new values are written to writer k’s register by the lines of code designated
by the Write(W) label.
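The scan bounds quoted for the two protocols (at most 2m + 3 scans for a read, at most 2m + 1 for a write) can be checked exhaustively for small m. The following is an added example, not the report's code: it models only the Same_Scans and Changes_Seen bookkeeping of Figures 2 and 3, lets an adversary decide which writers change between scans, and uses function names and 0-based writer numbers that are assumptions. A reader can observe changes by all m writers; writer k can observe changes by the other m - 1 only.

```python
from functools import lru_cache
from itertools import combinations


def step(same_scans, seen, changed):
    """One pass of the REPEAT body, given the writers that changed since the last scan.

    Returns (same_scans, seen, outcome); outcome is None while the loop continues,
    "stable" after three identical scans, or ("timed_out", w).
    """
    if changed:
        seen = tuple(c + 1 if w in changed else c for w, c in enumerate(seen))
        twice = [w for w, c in enumerate(seen) if c == 2]
        if twice:
            # the FOR loop in the figures leaves the highest such writer in Timed_Out
            return 1, seen, ("timed_out", twice[-1])
        return 1, seen, None
    same_scans += 1
    return same_scans, seen, ("stable" if same_scans == 3 else None)


def run_scan_loop(num_changers, schedule):
    """Replay a concrete schedule; schedule[n] is the set of writers that changed
    between scan n+1 and scan n+2. Returns (outcome, scans performed)."""
    same_scans, seen, scans = 1, (0,) * num_changers, 1
    for changed in schedule:
        same_scans, seen, outcome = step(same_scans, seen, changed)
        scans += 1
        if outcome:
            return outcome, scans
    return None, scans


def worst_case_scans(num_changers):
    """Largest number of scans any schedule can force before the loop exits."""
    writers = range(num_changers)
    subsets = [frozenset(c) for size in range(num_changers + 1)
               for c in combinations(writers, size)]

    @lru_cache(maxsize=None)
    def longest(same_scans, seen):
        best = 0
        for changed in subsets:
            nxt_same, nxt_seen, outcome = step(same_scans, seen, changed)
            extra = 1 if outcome else 1 + longest(nxt_same, nxt_seen)
            best = max(best, extra)
        return best

    return 1 + longest(1, (0,) * num_changers)


if __name__ == "__main__":
    for m in range(1, 6):
        print("m =", m, "reader:", worst_case_scans(m), "writer:", worst_case_scans(m - 1))
```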

7  Proof  of  Correctness 

7.1  Definitions 

To  make  future  reference  more  convenient,  we  will  begin  our  proof  of  correctness  with 
a  formal  restatement  of  all  of  the  definitions  made  in  previous  sections. 

DEFINITION:  Let  W  be  any  write  of  a  value  to  the  composition  automaton  and  R 
be  any  read  of  the  value  in  the  composition  automaton.  Then  Value(W)  and  Value(R) 
refer  to  the  values  written  by  W  and  read  by  R  respectively. 

DEFINITION: Let W be any write by writer i. Then the following actions are
associated with W:

Start(W) The request to writer i to begin the write W. This is the first action in the
write W.

Finish(W) Acknowledgement that the write W has just completed. This is the last
action in the write W.


DEFINITION: Let W be any write by writer i that does not time out. Then in
addition to the above actions, the following actions are associated with W:

1Scan(W)_j The atomic action associated with the read of writer j’s register during the
first of the last three scans performed by writer i as part of W. Note that we are
actually defining the m separate actions:

1Scan(W)_1 < 1Scan(W)_2 < ... < 1Scan(W)_m.

PWrite(W) The atomic action associated with the last write of the PreOVN[i,j] by
writer i as part of W. Here we are defining only one action.

2Scan(W)_j The atomic action associated with the read of writer j’s register during the
second of the last three scans performed by writer i as part of W. Note again that
we are defining m separate actions.

Scan(W) A synonym for 2Scan(W)_m. The significance of this action will be explained
later.

3Scan(W)_j The atomic action associated with the read of writer j’s register during the
last scan performed by writer i as part of W. Note again that we are defining m
separate actions.

PScan(W)_j The atomic action associated with the last read of PreOVN[j,i] from
writer j’s register performed by writer i as part of W. This is thus synonymous
with 3Scan(W)_j.

Write(W) The atomic action associated with the write of Value(W) and new VN's,
OVN's, and PVN's to writer i’s register as part of the write W.

Note then that for a write W by writer i that does not time out, the actions defined
above are synonymous with atomic actions of reads and writes performed by the
analogously labeled lines of code in Figure 3. Consequently the actions of W defined above
occur in the following order:

Start(W) < 1Scan(W)_1 < ... < 1Scan(W)_m <
PWrite(W) <
2Scan(W)_1 < ... < 2Scan(W)_m = Scan(W) <
3Scan(W)_1 = PScan(W)_1 < ... < 3Scan(W)_m = PScan(W)_m <
Write(W) < Finish(W)

DEFINITION: Let R be any read by reader i. Then the following actions are
associated with R:

Start(R) The request to reader i to begin the read R. This is the first action in the
read R.

Finish(R) Acknowledgement that the read R has just completed. This is the last
action in the read R.

DEFINITION: Let R be any read by reader i that does not time out. Then in
addition to the above actions, the following actions are associated with R:

1Scan(R)_j The atomic action associated with the read of writer j’s register during the
first of the last three scans performed by reader i as part of R. Note that we are
actually defining the m separate actions:

1Scan(R)_1 < 1Scan(R)_2 < ... < 1Scan(R)_m.

2Scan(R)_j The atomic action associated with the read of writer j’s register during the
second of the last three scans performed by reader i as part of R. Note again that
we are defining m separate actions.

3Scan(R)_j The atomic action associated with the read of writer j’s register during the
last scan performed by reader i as part of R. Note again that we are defining m
separate actions.

Note that for a read R by reader i that does not time out, the actions defined above
occur in the following order:

Start(R) < 1Scan(R)_1 < ... < 1Scan(R)_m <
2Scan(R)_1 < ... < 2Scan(R)_m <
3Scan(R)_1 < ... < 3Scan(R)_m < Finish(R)

DEFINITION: Let s be any state in an execution of the composition automaton.
Let j and k be any writers. Then we will define VN[j,k]_s to be the value of VN[j,k]
at state s. Similarly, PVN[j,k]_s, OVN[j,k]_s, PreOVN[j,k]_s, and Value[j]_s we define
to be the values of PVN[j,k], OVN[j,k], PreOVN[j,k], and Value[j] respectively at
the state s.

DEFINITION: Let W be a write by writer i that does not time out. Let j and k be
writers. Define VN[j,k]_W, OVN[j,k]_W, and PVN[j,k]_W to be the values of VN[j,k],
OVN[j,k], and PVN[j,k] respectively, observed by the last three scans of W. Thus if s,
t, and u are the states following 1Scan(W)_j, 2Scan(W)_j, and 3Scan(W)_j respectively,
then we have:

VN[j,k]_W = VN[j,k]_s = VN[j,k]_t = VN[j,k]_u
OVN[j,k]_W = OVN[j,k]_s = OVN[j,k]_t = OVN[j,k]_u
PVN[j,k]_W = PVN[j,k]_s = PVN[j,k]_t = PVN[j,k]_u

Define PreOVN[j,k]_W to be the value of PreOVN[j,k] observed by the write W. Thus
since u is the state following PScan(W)_j, we have

PreOVN[j,k]_W = PreOVN[j,k]_u.


DEFINITION: Let R be a read by reader i that does not time out. Let j and k be
writers. Define VN[j,k]_R, OVN[j,k]_R, and PVN[j,k]_R to be the values of VN[j,k],
OVN[j,k], and PVN[j,k] respectively, observed by the last three scans of R. Thus if
s, t, and u are the states following 1Scan(R)_j, 2Scan(R)_j, and 3Scan(R)_j respectively,
then we have:

VN[j,k]_R = VN[j,k]_s = VN[j,k]_t = VN[j,k]_u
OVN[j,k]_R = OVN[j,k]_s = OVN[j,k]_t = OVN[j,k]_u
PVN[j,k]_R = PVN[j,k]_s = PVN[j,k]_t = PVN[j,k]_u

The following lemma embodies the rules by which the VN[i,j], OVN[i,j],
and PreOVN[i,j] are picked each time a writer writes.

Lemma 1 Let W be a write that does not time out and let i be the writer that performed
the write W. Let j be any writer. Let s, t, u, and v be the states following PScan(W)_j,
3Scan(W)_j, 3Scan(W)_i, and Write(W) respectively (note s = t). Then the following
hold:

VN[i,j]_v ∉ {VN[i,j]_u, OVN[j,i]_t, PreOVN[j,i]_s}
OVN[i,j]_v = VN[j,i]_t
PVN[i,j]_v = VN[i,j]_u.

Also, let x be the state following PWrite(W). Then

PreOVN[i,j]_x = VN[j,i]_W = VN[j,i]_t.

Proof of Lemma 1: This follows directly from the definitions of the PScan, 3Scan,
and Write actions and from trivial examination of the code. □

Note that VN[i,j]_v ≠ VN[i,j]_u implies that a writer changes all of its VN's every
time that it performs a write that does not time out.

DEFINITION: Let $i$ be a writer and let $s$ be a state in an execution of the
composition automaton. Then we will define:

$$VNS(i)_s = \{\, j \mid 1 \le j \le m,\ OVN[i,j]_s = VN[j,i]_s \,\}.$$

Let $i$ be a writer and let $R$ be any read that does not time out. We will define:

$$VNS(i)_R = \{\, j \mid 1 \le j \le m,\ OVN[i,j]_R = VN[j,i]_R \,\}.$$

DEFINITION: Let $i$ be a writer and let $s$ be a state in an execution of the
composition automaton. Then we will define:

$$N(i)_s = \begin{cases} 1 & \text{if for all writers } j,\ OVN[i,j]_s \in \{VN[j,i]_s,\ PVN[j,i]_s\} \\ 0 & \text{otherwise.} \end{cases}$$

Let $i$ be a writer and let $R$ be any read that does not time out. We will define:

$$N(i)_R = \begin{cases} 1 & \text{if for all writers } j,\ OVN[i,j]_R \in \{VN[j,i]_R,\ PVN[j,i]_R\} \\ 0 & \text{otherwise.} \end{cases}$$

DEFINITION: Let $s$ be a state in an execution of the composition automaton.
Then we will define:

$$F(s) = \max\{\, i \mid 1 \le i \le m,\ |VNS(i)_s| + N(i)_s = \max_{1 \le j \le m}(|VNS(j)_s| + N(j)_s) \,\}.$$

Let $R$ be any read that does not time out. We will define:

$$F(R) = \max\{\, i \mid 1 \le i \le m,\ |VNS(i)_R| + N(i)_R = \max_{1 \le j \le m}(|VNS(j)_R| + N(j)_R) \,\}.$$

Recall that the value of $F(s)$ may be thought of as the writer whose 1-writer $n+m$-reader
register contains the current value for the $m$-writer $n$-reader register.

7.2  Basic  Facts 

Most of the following theorems, lemmas, corollaries, and such are useful in understanding
how writers, writing according to the writer's protocol, are able to write in such a
way that $F(s)$ may always be taken to be the "current" value of the $m$-writer $n$-reader
atomic register.

The following lemma establishes a little fact that will be used throughout the
remainder of this paper.

Lemma 2 For all writers $i$ and all states $s$ in an execution of the composition automaton,
$i \notin VNS(i)_s$.

Proof of Lemma 2: Let $i$ be any writer and $s$ be any state in an execution of the
composition automaton. Let $W_i$ be the last write by writer $i$ such that $Write(W_i) < s$.³
Let $t$ and $u$ be the states following $3Scan(W_i)_i$ and $Write(W_i)$ respectively. Then by
Lemma 1 we have $VN[i,i]_u \ne VN[i,i]_t = OVN[i,i]_u$. By choice of $W_i$, the values of
$VN[i,i]$ and $OVN[i,i]$ in writer $i$'s register remain constant between $u$ and $s$ and thus
$VN[i,i]_s = VN[i,i]_u$ and $OVN[i,i]_s = OVN[i,i]_u$. Thus $VN[i,i]_s \ne OVN[i,i]_s$ and
by definition of $VNS(i)_s$ we have $i \notin VNS(i)_s$ as desired. □

³ Here and elsewhere the author assumes that such a write always exists. This is incorrect; the
problem of initialisation will be handled correctly in a later version of the paper.


All of the actions we have just described refer to particular, meaningful operations
performed during an execution of the read or write protocols, with one exception. In
particular, $Scan(W)$ for a write $W$ that does not time out was defined to be synonymous
with $2Scan(W)_m$ but it has had no meaning assigned to it. We will give it
meaning by showing that the values of the $VN$'s, $OVN$'s, and $PVN$'s observed by
the last three scans of $W$ are identical to those in the writers' registers in the state
following $Scan(W)$; if $u$ is the state following $Scan(W)$ then $VN[j,k]_u = VN[j,k]_W$,
$OVN[j,k]_u = OVN[j,k]_W$, and $PVN[j,k]_u = PVN[j,k]_W$ for all writers $j$ and $k$. Thus
the values seen by the last three scans made during the write $W$ may be thought to have
been read by a scan performed atomically at the point $Scan(W)$. This is demonstrated
by the following Lemmas and Corollary.

Lemma 3 Let $i$ and $j$ be any writers. Let $s$ and $t$ be any two states, $s < t$, in an
execution of the composition automaton. If $VN[i,j]_s = VN[i,j]_t$ and there exists some
write $W$ by writer $i$ such that $s < Write(W) < t$ then there exists at least one write $W_1$
by writer $i$ such that

$$s < Scan(W_1) < Write(W_1) < t.$$

If $i = j$ then there exist at least two writes $W_1$ and $W_2$ by writer $i$ such that

$$s < Scan(W_1) < Write(W_1) < Scan(W_2) < Write(W_2) < t.$$

Proof of Lemma 3: Let $W_0$ be the first write by writer $i$ such that $s < Write(W_0) < t$.
Let $u$ be the state following $Write(W_0)$. Then by the way the $VN$'s and $PVN$'s are
chosen (i.e. Lemma 1), we have

$$VN[i,j]_u \ne PVN[i,j]_u = VN[i,j]_s.$$

Now since $VN[i,j]_t = VN[i,j]_s$ there must be another write by writer $i$ between $u$ and
$t$ to bring the value of $VN[i,j]$ back to what it was at $s$. Let $W_1$ be the first such write.
Since $W_1$ must start after $W_0$ finished, we have $s < u < Scan(W_1) < Write(W_1) < t$
and $W_1$ is as desired.

In the event that $i = j$, we have additionally, by Lemma 1, that $OVN[i,i]_u = VN[i,i]_s$.
Thus if $v$ is the state following $Write(W_1)$, by the way $VN$'s are chosen we
have:

$$VN[i,i]_v \ne OVN[i,i]_u = VN[i,i]_s.$$

Again, since $VN[i,i]_t = VN[i,i]_s$ there must be yet another write by writer $i$ between
$v$ and $t$ to bring the value of $VN[i,i]$ back to what it was at $s$. Let $W_2$ be the first
such write. Again, since $W_2$ must start after $W_1$ finished, we have $s < Scan(W_1) <
Write(W_1) < v < Scan(W_2) < Write(W_2) < t$, and $W_1$ and $W_2$ are as desired. □

Lemma 4 Let $W$ be any write by a writer $i$ such that $W$ does not time out. Then
there does not exist a writer $j$ and a write $W_j$ by writer $j$ such that $2Scan(W)_j <
Write(W_j) < 3Scan(W)_j$.


Proof of Lemma 4: Assume otherwise and let $j$ be a writer for which there exists
a write $W_j$ such that $2Scan(W)_j < Write(W_j) < 3Scan(W)_j$. Let $s$ and $t$ be the states
following $2Scan(W)_j$ and $3Scan(W)_j$ respectively. Then since the last three scans of
$W$ saw the same values in the registers, we have $VN[j,k]_W = VN[j,k]_s = VN[j,k]_t$
for all writers $k$ implying that $VN[j,i]_s = VN[j,i]_t$. Now we have assumed that there
is a write $W_j$ by writer $j$ for which $s < Write(W_j) < t$, so by Lemma 3, there exists
some write $W'_j$ by writer $j$ such that $s < Scan(W'_j) < Write(W'_j) < t$; let $W'_j$ be the
last such write. If $v$ is the state following $Write(W'_j)$, then by choice of $W'_j$, $VN[j,i]$
remains constant between $v$ and $t$ implying $VN[j,i]_v = VN[j,i]_t$. Let $x$ be the state
following $PScan(W'_j)_i$ and note that

$$PWrite(W) < 2Scan(W)_j < Scan(W'_j) < x < Write(W'_j) < 3Scan(W)_j.$$

Then since $PreOVN[i,j]$ remains constant between $PWrite(W)$ and $3Scan(W)_j$, by
Lemma 1 we have $PreOVN[i,j]_x = VN[j,i]_W = VN[j,i]_t$. Also, by Lemma 1 we have
$VN[j,i]_v \ne PreOVN[i,j]_x$. But this implies $VN[j,i]_v \ne PreOVN[i,j]_x = VN[j,i]_t$,
contradicting the $VN[j,i]_v = VN[j,i]_t$ we saw above. Thus our assumption is incorrect
and the Lemma is proved. □

Corollary 5 Let $W$ be any write by writer $i$ such that $W$ does not time out. Let $u$ be the
state following $Scan(W)$. Then $VN[j,k]_u = VN[j,k]_W$, $OVN[j,k]_u = OVN[j,k]_W$,
and $PVN[j,k]_u = PVN[j,k]_W$ for all writers $j$ and $k$.

Proof of Corollary 5: By Lemma 4, there are no writes to writer $j$'s register that
could change the values of $VN[j,k]$, $OVN[j,k]$, and $PVN[j,k]$ between $2Scan(W)_j$ and
$3Scan(W)_j$ for any writer $j$. Thus if $s$ and $t$ are the states following $2Scan(W)_j$ and
$3Scan(W)_j$ respectively, we have $s < u < t$ implying:

$$VN[j,k]_s = VN[j,k]_u = VN[j,k]_t = VN[j,k]_W$$

$$OVN[j,k]_s = OVN[j,k]_u = OVN[j,k]_t = OVN[j,k]_W$$

$$PVN[j,k]_s = PVN[j,k]_u = PVN[j,k]_t = PVN[j,k]_W$$

for all writers $k$ as desired. □

This result permits us to think of the values of the $VN$'s, $OVN$'s, and $PVN$'s
observed by a write $W$, those values on the basis of which $W$ chooses the $VN$'s, $OVN$'s,
and $PVN$'s that it writes, to have been read by an atomic scan of all the writers' registers
acting at the point $Scan(W)$. This meaning of the $Scan(W)$ action is fundamental to
the remainder of the proof.

Now that we have established the meaning of the $Scan(W)$ action, we will present
two theorems that capture the essence of the relative meanings of the $VN$'s, $OVN$'s,
and $PVN$'s. The first of these theorems states that for given writers $i$ and $j$, if writer $i$
"sees" writer $j$'s version number at a given point, that is, if $OVN[i,j] = VN[j,i]$ at that
point, then writer $i$ has both scanned and written since the last write by writer $j$. The
second theorem states that for given writers $i$ and $j$, if writer $i$ sees neither writer $j$'s $VN$
nor writer $j$'s $PVN$ at a given point, if $OVN[i,j] \ne VN[j,i]$ and $OVN[i,j] \ne PVN[j,i]$
at that point, then writer $j$ completed two writes between the scan and write actions
of the most recent write completed by writer $i$. Let us first prove a little lemma.

Lemma 6 Let $s$ be any state in an execution of the composition automaton. Let $i$ be
any writer and let $W_i$ be the last write by writer $i$ for which $Write(W_i) < s$. Let $j$ be
any writer for which there exists a write $W_j$ such that $Scan(W_i) < Write(W_j) < s$. Let
$t$ be the state following $Write(W_j)$. Then $OVN[i,j]_s \ne VN[j,i]_t$.

Proof of Lemma 6: Let $j$, $W_j$, and $t$ be as in the lemma statement. Let $u$ and
$v$ be the states following $Scan(W_j)$ and $PScan(W_j)_i$ respectively. Then there are four
cases we must consider:

Case 1: $v < Scan(W_i)$. Then since we have $u < PScan(W_j)_i < v$, $u < Scan(W_i) <
Write(W_j)$. Since writer $j$ is in the process of performing the write $W_j$ between
$u$ and $Write(W_j)$, i.e. since $Start(W_j) < u < Write(W_j) < Finish(W_j)$, there
are no other writes $W'_j$ by writer $j$ for which $u < Write(W'_j) < Write(W_j)$ and
consequently $VN[j,i]_{s'}$ is constant for all $s'$, $u < s' < Write(W_j)$. In particular,
if $x$ is the state following $Scan(W_i)$ then:

$$VN[j,i]_x = VN[j,i]_u.$$

Let $y$ be the state following $Write(W_i)$. Then by Lemma 1 we have:

$$OVN[i,j]_y = VN[j,i]_x$$

and

$$VN[j,i]_t \ne VN[j,i]_u.$$

By choice of $W_i$ and hence of $y$, $OVN[i,j]$ remains constant between $y$ and $s$.
Consequently:

$$OVN[i,j]_s = OVN[i,j]_y.$$

Putting the above equations together yields:

$$OVN[i,j]_s = OVN[i,j]_y = VN[j,i]_x = VN[j,i]_u \ne VN[j,i]_t$$

as desired.

Case 2: $Scan(W_i) < v < Write(W_i)$. Now $PreOVN[i,j]$ remains constant between
$PWrite(W_i)$ and $Write(W_i)$ and by Lemma 1 equals $OVN[i,j]_y$ if $y$ is the state
following $Write(W_i)$. Since $PWrite(W_i) < Scan(W_i) < v < Write(W_i)$ we thus
have:

$$PreOVN[i,j]_v = OVN[i,j]_y.$$

By Lemma 1, we have:

$$VN[j,i]_t \ne PreOVN[i,j]_v.$$

By choice of $W_i$ and thus of $y$, $OVN[i,j]$ remains constant between $y$ and $s$. Thus:

$$OVN[i,j]_s = OVN[i,j]_y.$$

Putting the above equations together yields:

$$OVN[i,j]_s = OVN[i,j]_y = PreOVN[i,j]_v \ne VN[j,i]_t$$

as desired.

Case 3: $Write(W_i) < v$ but $u < Write(W_i)$. This implies

$$2Scan(W_j)_i < u < Write(W_i) < PScan(W_j)_i = 3Scan(W_j)_i.$$

By Lemma 4 this is impossible.

Case 4: $Write(W_i) < v$ and $Write(W_i) < u$. Note that $u < v < Write(W_j) < s$. Now
by choice of $W_i$, $OVN[i,j]$ equals the constant $OVN[i,j]_s$ between $Write(W_i)$
and $s$. In particular:

$$OVN[i,j]_u = OVN[i,j]_s.$$

Now by Lemma 1:

$$VN[j,i]_t \ne OVN[i,j]_u.$$

Putting these equations together yields:

$$OVN[i,j]_s = OVN[i,j]_u \ne VN[j,i]_t$$

as desired.

This completes proof of Lemma 6. □

Theorem 7 Let $i$ and $j$ be writers, $i \ne j$. Let $s$ be any state in an execution of the
composition automaton. Let $W_i$ and $W_j$ be the most recent writes by writers $i$ and $j$ for
which $Write(W_i) < s$ and $Write(W_j) < s$. Then $OVN[i,j]_s = VN[j,i]_s$ if and only if
$Write(W_j) < Scan(W_i)$.

Proof of Theorem 7: Let us first show that:

$$OVN[i,j]_s = VN[j,i]_s \Rightarrow Write(W_j) < Scan(W_i).$$

Assume otherwise, that $OVN[i,j]_s = VN[j,i]_s$ but that $Scan(W_i) < Write(W_j)$. Let
$v$ be the state following $Write(W_j)$. Then by choice of $W_j$ we have $Scan(W_i) <
Write(W_j) < s$ implying by Lemma 6 that:

$$OVN[i,j]_s \ne VN[j,i]_v.$$

Since by choice, $W_j$ is the last write by writer $j$ such that $Write(W_j) < s$, the value of
$VN[j,i]$ remains constant between $v$ and $s$ implying that:

$$VN[j,i]_v = VN[j,i]_s.$$

Putting these together yields

$$OVN[i,j]_s \ne VN[j,i]_v = VN[j,i]_s$$

which contradicts our initial assumption that $OVN[i,j]_s = VN[j,i]_s$. Thus the first
direction of the theorem is proved.

Now, let us show that:

$$Write(W_j) < Scan(W_i) \Rightarrow OVN[i,j]_s = VN[j,i]_s.$$

Assume $Write(W_j) < Scan(W_i)$. Since $W_j$ is the last write by writer $j$ such that
$Write(W_j) < s$, $VN[j,i]_{s'} = VN[j,i]_s$ for all states $s'$ such that $Write(W_j) < s' < s$. In
particular, if $t$ is the state following $Scan(W_i)$, then since by assumption $Write(W_j) <
Scan(W_i) < s$, we have $Write(W_j) < t < s$ implying $VN[j,i]_t = VN[j,i]_s$. By
Lemma 1, $OVN[i,j]_s = VN[j,i]_t$ and thus $OVN[i,j]_s = VN[j,i]_s$ as desired. This
concludes the proof of Theorem 7. □

Theorem 8 Let $i$ be any writer and $s$ be any state in an execution of the composition
automaton. Let $W_i$ be the last write by writer $i$ such that $Write(W_i) < s$. Then
$N(i)_s = 0$ if and only if there is a writer $j \ne i$ that performed writes $W_j$ and $W'_j$,
$W_j \ne W'_j$ such that

$$Scan(W_i) < Write(W'_j) < Write(W_j) < s.$$

Proof of Theorem 8: Assume there exist two writes $W_j$ and $W'_j$ by writer $j$ such
that $Scan(W_i) < Write(W'_j) < Write(W_j) < s$; let $W_j$ and $W'_j$ be the last such writes.
Let $t$ and $u$ be the states following $Write(W'_j)$ and $Write(W_j)$ respectively. Then by
Lemma 6 we have:

$$OVN[i,j]_s \ne VN[j,i]_t$$

and

$$OVN[i,j]_s \ne VN[j,i]_u.$$

By choice, $W'_j$ is the last write by writer $j$ such that $Write(W'_j) < Write(W_j)$, thus if
$v$ is the state following $Scan(W_j)$, we have $VN[j,i]_v = VN[j,i]_t$. By Lemma 1 we have
$PVN[j,i]_u = VN[j,i]_v$, thus:

$$PVN[j,i]_u = VN[j,i]_t.$$

Now by choice, $W_j$ is the last write by writer $j$ such that $Write(W_j) < s$, thus:

$$VN[j,i]_s = VN[j,i]_u$$

and

$$PVN[j,i]_s = PVN[j,i]_u.$$

Putting the above equations together we get:

$$OVN[i,j]_s \ne VN[j,i]_u = VN[j,i]_s$$

and

$$OVN[i,j]_s \ne VN[j,i]_t = PVN[j,i]_u = PVN[j,i]_s.$$

Consequently, $N(i)_s = 0$. Thus if $j$, $W_j$, and $W'_j$ exist as in the theorem statement,
then $N(i)_s = 0$.

Now for the other direction. Assume $N(i)_s = 0$. This means $PVN[j,i]_s \ne OVN[i,j]_s$
and $VN[j,i]_s \ne OVN[i,j]_s$ for some writer $j$. We have three cases:

1. There are no writes $W_j$ by writer $j$ for which $Scan(W_i) < Write(W_j) < s$. Let $t$
be the state following $Scan(W_i)$. Then $VN[j,i]$ remains constant between $t$ and
$s$ implying $VN[j,i]_s = VN[j,i]_t$. By Lemma 1, $VN[j,i]_t = OVN[i,j]_s$ and we
have:

$$VN[j,i]_s = VN[j,i]_t = OVN[i,j]_s.$$

Thus this case is not possible.

2. There is exactly one write $W_j$ by writer $j$ for which $Scan(W_i) < Write(W_j) < s$.
Let $t$ and $x$ be the states following $Scan(W_i)$ and $Write(W_j)$ respectively. Then

$$PVN[j,i]_s = PVN[j,i]_x = VN[j,i]_t = OVN[i,j]_s.$$

Thus this case is not possible.

3. There are at least two writes $W_j$ by writer $j$ for which $Scan(W_i) < Write(W_j) < s$.
This implies the existence of $W_j$ and $W'_j$ as required by the theorem statement.

Thus $N(i)_s = 0$ implies there exists a writer $j$ and writes $W_j$ and $W'_j$ by writer $j$
such that $Scan(W_i) < Write(W'_j) < Write(W_j) < s$. This completes the proof of the
theorem. □

We will now apply the two theorems that we have just proved to prove several useful
and interesting facts about some of the various constructs, such as $VNS(i)_s$, $N(i)_s$, and
$F(s)$, that we defined earlier. The first of these facts, expressed in the following Lemma,
shows that for any state $s$ and any writers $i$ and $j$, if $VNS(i)_s \ne VNS(j)_s$ then one of
$VNS(i)_s$ and $VNS(j)_s$ is a proper subset of the other.

Lemma 9 Let $i$ and $j$ be writers and $s$ be a state in an execution of the composition
automaton. If $VNS(i)_s \not\subset VNS(j)_s$ then $VNS(j)_s \subset VNS(i)_s$.

Proof of Lemma 9: Given $VNS(i)_s \not\subset VNS(j)_s$, let $k$ be such that $k \in VNS(i)_s \setminus
VNS(j)_s$. Let $W_i$, $W_j$ and $W_k$ be the last writes by writers $i$, $j$, and $k$ respectively
for which $Write(W_i) < s$, $Write(W_j) < s$, and $Write(W_k) < s$. Since $k \in VNS(i)_s$,
$VN[k,i]_s = OVN[i,k]_s$ which by Theorem 7 implies $Write(W_k) < Scan(W_i)$. Also,
since $k \notin VNS(j)_s$, $VN[k,j]_s \ne OVN[j,k]_s$ implying by Theorem 7 that $Scan(W_j) <
Write(W_k)$. This implies $Scan(W_j) < Scan(W_i)$. Now by symmetry of the above
argument, $VNS(j)_s \not\subset VNS(i)_s$ would imply $Scan(W_i) < Scan(W_j)$. Thus we may
conclude that $VNS(j)_s \subset VNS(i)_s$ and the lemma is proved. □

Corollary 10 Let $i$ and $j$ be writers and $s$ be a state in an execution of the composition
automaton. Then:

1. $VNS(j)_s$ is a proper subset of $VNS(i)_s$ if and only if $|VNS(j)_s| < |VNS(i)_s|$.

2. $VNS(j)_s = VNS(i)_s$ if and only if $|VNS(j)_s| = |VNS(i)_s|$.

Proof of Corollary 10: This follows directly from Lemma 9 and elementary set
theory. □

The following lemma presents another important fact. It is important because it and
the corollary that follows it relate the two principal values that are used for determining
the value of $F(s)$ at a state $s$, namely the $|VNS(i)_s|$ and the $N(i)_s$.

Lemma 11 Let $i$ and $j$ be any writers, $i \ne j$, and let $s$ be any state in an execution of
the composition automaton. Then:

$$|VNS(i)_s| > |VNS(j)_s| \Rightarrow N(i)_s \ge N(j)_s.$$

Proof of Lemma 11: Assume otherwise, that $|VNS(i)_s| > |VNS(j)_s|$ but $N(i)_s <
N(j)_s$. By Corollary 10, $VNS(j)_s$ is a proper subset of $VNS(i)_s$ implying that there is
some $k \in VNS(i)_s \setminus VNS(j)_s$. By definition of the $VNS$ this means that $VN[k,i]_s =
OVN[i,k]_s$ but $VN[k,j]_s \ne OVN[j,k]_s$. Let $W_i$, $W_j$, and $W_k$ be the last writes by writers
$i$, $j$, and $k$ respectively for which $Write(W_i) < s$, $Write(W_j) < s$, and $Write(W_k) < s$.
Then by Theorem 7 we have $Scan(W_j) < Write(W_k)$ but $Write(W_k) < Scan(W_i)$
and thus $Scan(W_j) < Scan(W_i)$. Now $N(i)_s < N(j)_s$ implies $N(i)_s = 0$ and $N(j)_s = 1$.
By Theorem 8, $N(i)_s = 0$ implies that there exists some writer $l$ and two writes $W_l$ and
$W'_l$ such that:

$$Scan(W_i) < Write(W'_l) < Write(W_l) < s.$$

But $Scan(W_j) < Scan(W_i)$ implies that:

$$Scan(W_j) < Write(W'_l) < Write(W_l) < s.$$

By Theorem 8 again, we have $N(j)_s = 0$ contradicting the above. Thus our assumption
is incorrect and the lemma is proved. □

Corollary 12 Let $i$ and $j$ be any writers, $i \ne j$, and let $s$ be any state in an execution
of the composition automaton. Then:

1. $|VNS(i)_s| > |VNS(j)_s| \Rightarrow |VNS(i)_s| + N(i)_s > |VNS(j)_s| + N(j)_s$

2. $|VNS(i)_s| + N(i)_s > |VNS(j)_s| + N(j)_s \Rightarrow |VNS(i)_s| \ge |VNS(j)_s|$

3. $|VNS(i)_s| + N(i)_s > |VNS(j)_s| + N(j)_s \Rightarrow N(i)_s \ge N(j)_s$

4. $|VNS(i)_s| + N(i)_s = |VNS(j)_s| + N(j)_s \Rightarrow |VNS(i)_s| = |VNS(j)_s|$

5. $|VNS(i)_s| + N(i)_s = |VNS(j)_s| + N(j)_s \Rightarrow N(i)_s = N(j)_s$

Proof of Corollary 12: All parts follow directly from Lemma 11. □

Corollary 13 Let $s$ be any state in an execution of the composition automaton. Then:

$$VNS(i)_s \subset VNS(F(s))_s$$

for all writers $i$.

Proof of Corollary 13: Assume otherwise. Then for some $i \ne F(s)$,

$$VNS(i)_s \setminus VNS(F(s))_s \ne \emptyset.$$

Then by Lemma 9, $VNS(F(s))_s$ is a proper subset of $VNS(i)_s$. Then

$$|VNS(F(s))_s| < |VNS(i)_s|$$

implying by Corollary 12 that

$$|VNS(F(s))_s| + N(F(s))_s < |VNS(i)_s| + N(i)_s$$

contradicting the definition of $F(s)$. Thus our assumption is incorrect and the corollary
holds. □

The following lemma and corollary demonstrate that at each step $s$, the function $N$
takes on a non-zero value for at least one writer, and in particular, $N(F(s))_s = 1$.

Lemma 14 Let $s$ be any state in an execution of the composition register. Then there
exists some writer $i$ for which $N(i)_s = 1$.

Proof of Lemma 14: Of all the writes $W$, by any writer, for which $Write(W) < s$,
let $W_i$ be the one for which $Scan(W_i)$ most recently precedes $s$. Let $i$ be the writer that
performed the write $W_i$. Assume $N(i)_s = 0$. Then by Theorem 8 there exists a writer $j$
and writes $W_j$ and $W'_j$ by writer $j$ for which

$$Scan(W_i) < Write(W'_j) < Write(W_j) < s.$$

But $W_j$ must have begun after $W'_j$ finished implying

$$Write(W'_j) < Scan(W_j) < Write(W_j).$$

Consequently,

$$Scan(W_i) < Scan(W_j) < Write(W_j) < s$$

contradicting our choice of $W_i$. Thus our assumption is incorrect and $N(i)_s = 1$ proving
the lemma. □

Corollary 15 Let $s$ be any state in an execution of the composition register. Then we
have $N(F(s))_s = 1$.

Proof of Corollary 15: Let $i$ be some writer such that $N(i)_s = 1$; such a writer
exists by Lemma 14. If $i = F(s)$ then we're done. Otherwise we have three cases:

1. $|VNS(F(s))_s| + N(F(s))_s > |VNS(i)_s| + N(i)_s$. By Corollary 12, $N(F(s))_s \ge
N(i)_s = 1$ and we're done.

2. $|VNS(F(s))_s| + N(F(s))_s = |VNS(i)_s| + N(i)_s$. By Corollary 12, $N(F(s))_s =
N(i)_s = 1$ and we're done.

3. $|VNS(F(s))_s| + N(F(s))_s < |VNS(i)_s| + N(i)_s$. This case cannot occur as it
would contradict the definition of $F(s)$.

This completes the proof of the corollary. □
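
The definitions of VNS, N and F and the update rules of Lemma 1 can be exercised directly. The following Python sketch is an added example, not code from the report: it models only writes that run with no concurrent writer, and it assumes that every version number starts at 0 and that a writer picks the smallest value in {0, 1, 2, 3} outside Lemma 1's forbidden set. After each write it evaluates F and checks Lemma 2, Corollary 13 and Corollary 15.

```python
"""Sequential model of the writers' registers (added illustration, not the report's code)."""


class Registers:
    def __init__(self, m):
        self.m = m
        pairs = [(i, j) for i in self.writers() for j in self.writers()]
        # Assumption: all version numbers start at 0; the report defers initialisation.
        self.VN = dict.fromkeys(pairs, 0)
        self.OVN = dict.fromkeys(pairs, 0)
        self.PVN = dict.fromkeys(pairs, 0)
        self.PreOVN = dict.fromkeys(pairs, 0)

    def writers(self):
        return range(1, self.m + 1)  # writers are numbered 1..m

    def write(self, i):
        """One write by writer i with no concurrent writer, following Lemma 1."""
        # With no interleaving, every scan of the write sees the same values.
        scan_vn, scan_ovn = dict(self.VN), dict(self.OVN)
        # PWrite: PreOVN[i,j] takes the VN[j,i] observed by the write.
        for j in self.writers():
            self.PreOVN[i, j] = scan_vn[j, i]
        pscan = dict(self.PreOVN)  # PScan happens after PWrite
        # Write: choose new VN, OVN and PVN values for every j.
        for j in self.writers():
            forbidden = {scan_vn[i, j], scan_ovn[j, i], pscan[j, i]}
            # Assumed choice rule: smallest of 0..3 not forbidden (at most 3 are).
            self.VN[i, j] = min(x for x in range(4) if x not in forbidden)
            self.OVN[i, j] = scan_vn[j, i]
            self.PVN[i, j] = scan_vn[i, j]


def vns(r, i):
    """VNS(i)_s: writers j whose version number writer i currently 'sees'."""
    return {j for j in r.writers() if r.OVN[i, j] == r.VN[j, i]}


def n_flag(r, i):
    """N(i)_s: 1 if every OVN[i,j] matches writer j's VN or PVN, else 0."""
    ok = all(r.OVN[i, j] in (r.VN[j, i], r.PVN[j, i]) for j in r.writers())
    return 1 if ok else 0


def f(r):
    """F(s): the largest writer index attaining the maximum |VNS| + N."""
    score = {i: len(vns(r, i)) + n_flag(r, i) for i in r.writers()}
    best = max(score.values())
    return max(i for i in r.writers() if score[i] == best)


def facts_hold(r):
    """Lemma 2, Corollary 13 and Corollary 15 evaluated in the current state."""
    top = f(r)
    lemma2 = all(i not in vns(r, i) for i in r.writers())
    cor13 = all(vns(r, i) <= vns(r, top) for i in r.writers())
    cor15 = n_flag(r, top) == 1
    return lemma2 and cor13 and cor15


def run(m, schedule):
    """Perform the writes in order; record (writer, F after the write, facts)."""
    r = Registers(m)
    trace = []
    for i in schedule:
        r.write(i)
        trace.append((i, f(r), facts_hold(r)))
    return trace


if __name__ == "__main__":
    # Constructed schedule: three writers, each writes at least once early on.
    for writer, current, ok in run(3, [1, 2, 3, 2, 2, 1, 3, 3, 1, 2]):
        print(f"write by {writer}: F = {current}, basic facts hold: {ok}")
```

Once every writer has written at least once, F equals the writer of the most recent write, so each of these non-overlapping writes is potent. Before that point the all-zero starting state, which is an assumption of this sketch, can tie the scores, and F need not be the last writer.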

7.3 Placement of Writes

We will now use the facts we have established to prove two theorems that are the basis
for the placement of atomic write points in an execution of the composition automaton.
First, however, we will need the following definition.

DEFINITION: Let $W$ be a write by writer $i$ that does not time out. Let $s$ be the
state following $Write(W)$. We will call the write $W$ potent if $F(s) = i$. We will call the
write $W$ impotent if $F(s) \ne i$.

The first of the two theorems we will now prove states that if $W$ is an impotent
write, then $F$ has the same values for the states immediately preceding and following
$Write(W)$. Intuitively, this is very desirable behavior. If a writer writes a new value
$V$ to its register, one would expect that in doing so, it would either change the value
of the composition register to $V$, or it would leave the value in the composition register
unchanged. It would be highly undesirable if writes could cause a value that had
previously been current, but had since been overwritten, to become current again.

The second of the two theorems that we are about to prove states that if $W$ is any
impotent write, then there is some potent write $W'$ such that $W'$ wrote its value and
new $VN$, $OVN$, and $PVN$ numbers between the scan and write actions of $W$. This,
again, is what one would expect. A writer performing its scan and write operations
during an interval in which no other writes are occurring should change the value of the
composition register to that of its own register when it completes its write. These two
theorems provide us with points at which to insert an "atomic" action for both potent
and impotent writes.

Using these two theorems, we can then proceed to insert the $Atomic(W)$ actions for
writes $W$ as follows:

1. If $W$ is potent then insert $Atomic(W)$ immediately preceding $Write(W)$.

2. If $W$ is impotent then insert $Atomic(W)$ immediately preceding $Atomic(W')$ for
the last potent write $W'$ such that $Scan(W) < Atomic(W') < Write(W)$. We
will show that such a write always exists.

3. If $W$ times out then insert $Atomic(W)$ immediately preceding $Atomic(W'')$ for
some write $W''$ such that $W''$ is performed entirely within the interval during
which $W$ is performed.

We will show later why these insertions satisfy the conditions we desire of them.

Theorem 16 Let $W$ be an impotent write written by writer $i$. Let $s'$ and $s$ be the states
preceding and following $Write(W)$ respectively. Then $F(s') = F(s)$.

Proof of Theorem 16: We will first prove a few propositions that will be useful
in the proof of the theorem. In all of these propositions, we will assume $W$, $i$, $s'$, and $s$
are as above. Note that $i \ne F(s)$ since $W$ is impotent.

Proposition 16.1 $i \in VNS(F(s))_{s'}$.

Proof of Proposition 16.1: Assume otherwise. Then

$$OVN[F(s),i]_{s'} \ne VN[i,F(s)]_{s'},$$

implying by Theorem 7 that if $W_{F(s)}$ is the last write by writer $F(s)$ for which we have
$Write(W_{F(s)}) < s'$ then there is some write $W'$ by writer $i$ such that

$$Scan(W_{F(s)}) < Write(W') < s'.$$

Then since $W_{F(s)}$ is also the last write by writer $F(s)$ for which $Write(W_{F(s)}) < s$ and

$$Scan(W_{F(s)}) < Write(W') < s' < Write(W) < s$$

Theorem 8 tells us that $N(F(s))_s = 0$ contradicting Corollary 15. Thus the proposition
holds. □

Proposition 16.2 $F(s') \ne i$.

Proof of Proposition 16.2: By Corollary 13 we know that $VNS(F(s))_{s'} \subset
VNS(F(s'))_{s'}$ and by the above, $i \in VNS(F(s))_{s'}$ thus $i \in VNS(F(s'))_{s'}$. Now by
Lemma 2 we know $i \notin VNS(i)_{s'}$. We conclude $F(s') \ne i$. □

Proposition 16.3 For all writers $j$, $j \ne i$, $VNS(j)_s = VNS(j)_{s'} \setminus \{i\}$.

Proof of Proposition 16.3: Let $j$ be a writer, $j \ne i$. Since there are no writes
$W_k$ by any writer $k \ne i$ such that $s' < Write(W_k) < s$, we know that $VN[k,j]_s =
OVN[j,k]_s$ if and only if $VN[k,j]_{s'} = OVN[j,k]_{s'}$ for all writers $k$, $k \ne i$. Thus we
have $k \in VNS(j)_s$ if and only if $k \in VNS(j)_{s'}$ for $k \ne i$.

If we had $i \in VNS(j)_s$ then by Theorem 7 we would have $s' < Write(W) <
Scan(W_j) < s$ where $W_j$ is the last write by writer $j$ for which $Write(W_j) < s$; this
would clearly contradict our choice of $s'$ and $s$ which are chosen such that $Write(W)$ is
the only action between them. Therefore, $i \notin VNS(j)_s$.

Thus we have $k \in VNS(j)_s$ if and only if $k \in VNS(j)_{s'}$ for $k \ne i$, and $i \notin VNS(j)_s$.
By elementary set theory, we conclude $VNS(j)_s = VNS(j)_{s'} \setminus \{i\}$. Since $j$ is an
arbitrary writer, our proof of the Proposition 16.3 is complete. □

Proposition 16.4

$$|VNS(F(s'))_s| = |VNS(F(s'))_{s'}| - 1 \quad\text{and}\quad |VNS(F(s))_s| = |VNS(F(s))_{s'}| - 1.$$

Proof of Proposition 16.4: As was noted in the proof of Proposition 16.2, $i \in
VNS(F(s))_{s'}$ and $i \in VNS(F(s'))_{s'}$. By Proposition 16.2, $F(s') \ne i$, and $F(s) \ne
i$ because $W$ is impotent. The proposition thus follows from Proposition 16.3 and
elementary set theory. □

Proposition 16.5 Let $j$ be any writer for which $i \in VNS(j)_{s'}$. Then $N(j)_s = N(j)_{s'}$.

Proof of Proposition 16.5: By definition, $i \in VNS(j)_{s'}$ implies $VN[i,j]_{s'} =
OVN[j,i]_{s'}$. By Lemma 1 we have $PVN[i,j]_s = VN[i,j]_{s'}$ and thus $PVN[i,j]_s =
VN[i,j]_{s'} = OVN[j,i]_{s'} = OVN[j,i]_s$. Thus $PVN[i,j]_s = OVN[j,i]_s$. By definition,
$N(j)_s = 0$ if and only if there exists some writer $k$ such that $VN[k,j]_s \ne OVN[j,k]_s$
and $PVN[k,j]_s \ne OVN[j,k]_s$. Since $PVN[i,j]_s = OVN[j,i]_s$, there exists such a $k$
if and only if there exists such a $k$, $k \ne i$. Since $j \ne i$, $OVN[j,l]_{s'} = OVN[j,l]_s$ for
all $l$, $l \ne i$; also, $VN[l,j]_{s'} = VN[l,j]_s$ and $PVN[l,j]_{s'} = PVN[l,j]_s$ for all $l$, $l \ne i$.
This implies that there exists such a $k \ne i$ if and only if $VN[k,j]_{s'} \ne OVN[j,k]_{s'}$ and
$PVN[k,j]_{s'} \ne OVN[j,k]_{s'}$. But by definition, $N(j)_{s'} = 0$ if and only if either such
a $k \ne i$ exists or if $VN[i,j]_{s'} \ne OVN[j,i]_{s'}$ and $PVN[i,j]_{s'} \ne OVN[j,i]_{s'}$. We have
seen that $VN[i,j]_{s'} = OVN[j,i]_{s'}$ and we thus conclude that $N(j)_s = 0$ if and only if
$N(j)_{s'} = 0$. Since $N$ takes on only the values 1 and 0, our proof is complete. □


Proposition 16.6 $N(F(s))_s = N(F(s))_{s'}$ and $N(F(s'))_s = N(F(s'))_{s'}$.

Proof of Proposition 16.6: As was noted in the proof of Proposition 16.2,
$i \in VNS(F(s))_{s'}$ and $i \in VNS(F(s'))_{s'}$. The proposition follows immediately from
Proposition 16.5. □


We now proceed with the proof of Theorem 16. Assume that $F(s') \ne F(s)$; we will
derive a contradiction. Now by definition of $F(s')$, one of two cases must occur:

1. $|VNS(F(s'))_{s'}| + N(F(s'))_{s'} > |VNS(F(s))_{s'}| + N(F(s))_{s'}$. Then by Propositions
16.4 and 16.6,

$$\begin{aligned}
|VNS(F(s'))_s| + N(F(s'))_s &= |VNS(F(s'))_{s'}| + N(F(s'))_{s'} - 1 \\
&> |VNS(F(s))_{s'}| + N(F(s))_{s'} - 1 \\
&= |VNS(F(s))_s| + N(F(s))_s
\end{aligned}$$

Thus $|VNS(F(s'))_s| + N(F(s'))_s > |VNS(F(s))_s| + N(F(s))_s$ contradicting the
definition of $F(s)$.

2. $|VNS(F(s'))_{s'}| + N(F(s'))_{s'} = |VNS(F(s))_{s'}| + N(F(s))_{s'}$ and $F(s') > F(s)$.
Then by Propositions 16.4 and 16.6,

$$\begin{aligned}
|VNS(F(s'))_s| + N(F(s'))_s &= |VNS(F(s'))_{s'}| + N(F(s'))_{s'} - 1 \\
&= |VNS(F(s))_{s'}| + N(F(s))_{s'} - 1 \\
&= |VNS(F(s))_s| + N(F(s))_s
\end{aligned}$$

Thus $|VNS(F(s'))_s| + N(F(s'))_s = |VNS(F(s))_s| + N(F(s))_s$ and $F(s') > F(s)$
contradicting the definition of $F(s)$.

Thus our assumption is incorrect and $F(s') = F(s)$ as desired. This completes the proof
of Theorem 16. □


Corollary 17 F remains constant between consecutive Write(W) actions for potent writes W.

Proof of Corollary 17: We noted earlier that the only points at which the values of VN[i,j], OVN[i,j], and PVN[i,j] may change are at the Write(W) actions for writes W by writer i. Formally, if A is an action in an execution of the composition automaton and if A is not equal to Write(W) for any write W, and if s' and s are the states preceding and following A respectively, then:

   VN[i,j]_s' = VN[i,j]_s
   PVN[i,j]_s' = PVN[i,j]_s
   OVN[i,j]_s' = OVN[i,j]_s

for all writers i and j. Consequently, F(s') = F(s). Theorem 16 implies that F(s') = F(s) even if A = Write(W) for an impotent write W. Since Write(W) actions are associated only with potent and impotent writes W, the correctness of the corollary follows. □

Theorem 18 Let i be any writer and W_i be any impotent write by writer i. Then there exists some writer j, j ≠ i, and some potent write W_j by writer j such that Scan(W_i) < Write(W_j) < Write(W_i).

Proof of Theorem 18: Let s be the state immediately following Write(W_i). Then W_i is the last write by writer i for which Write(W_i) < s. Let j = F(s). Note j ≠ i because W_i is impotent. Since, by Corollary 17, the value of F remains constant between potent writes, we have j = F(s') where s' is the state following the last potent write W_j for which Write(W_j) < s. Now W_j is clearly written by writer j as F(s') = j and W_j is potent. Because F equals j between s' and s, we know by definition of an impotent write that there can be no impotent writes W_j by writer j for which s' < Write(W_j) < s. Also, because W_j is the most recent potent write before s, we know that there can be no potent writes W_j by writer j for which s' < Write(W_j) < s. Therefore W_j is the last write by writer j for which Write(W_j) < s.

Assume now that there is no potent write W for which Scan(W_i) < Write(W) < Write(W_i). Then, in particular, Write(W_j) < Scan(W_i). By Theorem 7 this implies that OVN[i,j]_s = VN[j,i]_s. Thus j ∈ VNS(i)_s \ VNS(j)_s and thus by Lemma 9, VNS(j)_s is a proper subset of VNS(i)_s. By Corollary 12 we have |VNS(i)_s| + N(i)_s > |VNS(j)_s| +  This implies, by definition of F(s), that F(s) could not possibly equal j. Thus our assumption is incorrect and there is a writer j, j ≠ i, and a potent write W_j by writer j for which Scan(W_i) < Write(W_j) < Write(W_i). This completes the proof of Theorem 18. □

We  are  now  ready  to  show  how  to  insert  the  Atomic(W)  action  for  each  write  W 
into  a  schedule  of  the  m-writer  n-reader  atomic  register. 

1. For each potent write W, we will insert the action Atomic(W) immediately preceding Write(W). Clearly, Start(W) < Atomic(W) < Finish(W).

2. For each impotent write W, we know by Theorem 18 that there exists some potent write W' such that Scan(W) < Write(W') < Write(W); let W' be the last such potent write. Insert an action Atomic(W) immediately preceding Write(W'). Again, since we are inserting Atomic(W) between Scan(W) and Write(W), it is clear that Start(W) < Atomic(W) < Finish(W).

   Note that we may have to insert several Atomic actions for impotent writes immediately preceding a single potent write W'. This is not a problem; since we have only m writers, there are at most m - 1 writers that could be performing impotent writes at the point Write(W'). (Only one write by a given writer can include the point Write(W').) We are thus inserting a finite number of actions before any Write(W').

3. For each write W that times out, we know from the fact that it timed out that, for some writer i, W saw the contents of writer i's register change twice. Since the values in writer i's register that are compared between scans (the VN[i,j], OVN[i,j], PVN[i,j], and Value[i]) change only at the points Write(W') for writes W' by writer i that do not time out, the two observed changes must have been caused by separate writes by writer i. The second of these writes, call it W', must have begun after the first finished. Thus we have Start(W) < Scan(W') < Write(W') < Finish(W). Whether W' is potent or impotent, we have Scan(W') < Atomic(W') < Write(W'), thus if we insert Atomic(W) immediately preceding Atomic(W'), we will have Start(W) < Atomic(W) < Finish(W).

   Here, as was the case with impotent writes, we may have to insert several Atomic actions immediately before a given Write action; here, as before, this causes no problem.

Before we continue, there are a few things that we should note about our placement of the Atomic actions for writes. First, for every write W that does not time out, we have Scan(W) < Atomic(W) < Write(W). Second, if S is a schedule of the composition automaton in which no Atomic actions have been inserted and t is a state in S, then once the Atomic actions for writes have been inserted into S to yield S', the most recent Atomic write action preceding t in S' is that of a potent write. Third, from Corollary 17 we see that the value of F remains constant between consecutive Atomic actions of writes.

7.4  Placement  of  Reads 

Now that all of the writes have been placed, we need to show that reads will behave in the desired manner. This is demonstrated by the following theorem which, although it is not constructive⁴, does tell us that we may place the Atomic(R) actions for reads R as follows:

1. If R contains the action Atomic(W) for the write W whose value it returns, then Atomic(R) will be placed immediately following Atomic(W).

2. If R does not contain the Atomic(W) action for the write W whose value it returns, then Atomic(R) will be placed immediately following Start(R).

With the help of Theorem 19 we will show later why these insertions satisfy the conditions we desire of them.

⁴ This proof is constructive, in the sense that the placement of the reads can be computed given the execution. The author presumably is claiming, correctly, that a reader cannot compute the placement of its reads.

For writers, seeing three consecutive identical scans imposed strong restrictions on the number and placement of writes during those scans. No such fact is true for readers. The system could pass through a whole cycle between 1Scan(R) and 2Scan(R), and the reader would be none the wiser. Also, the system can do an arbitrary amount of computation between xScan(R)_j and xScan(R)_{j+1}, and so the values that the reader sees may not correspond to any global state of the system. So, none of the lemmas about VNS(i)_s will apply to VNS(i)_R. Much of the work in this section involves proving these lemmas.

Theorem 19 Let R be any read that does not time out. Let i be the number of the writer whose value is chosen to be returned by R; i = F(R). Let W be the last write by writer i for which Write(W) < 3Scan(R)_i. Then the following hold.

1. Value(R) = Value(W).

2. Atomic(W) < Finish(R).

3. There does not exist a write W' for which Atomic(W) < Atomic(W') < Start(R).

Proof of Theorem 19: We will prove the parts separately. Assume R, W, and i are as defined above.

1. Since W is the last write by writer i for which Write(W) < 3Scan(R)_i, and R returns the value read by 3Scan(R)_i from writer i's register, R returns the value written by W.

2. Note that by the way we placed Atomic(W') actions for writes W', Atomic(W') < Write(W') for all writes W'. By choice of W, Write(W) < 3Scan(R)_i. By definition, 3Scan(R)_i < Finish(R). We conclude that Atomic(W) < Finish(R).

3.  This  is  the  hard  part.  We  will  derive  a  contradiction  after  demonstrating  the 
following  sequence  of  propositions.  Thus  the  first  step  of  our  proof  is  to  assume 
the  negation  of  what  we  are  trying  to  prove.  Namely,  assume  that  there  exists 
some  write  W'  such  that  Atomic(W)  <  Atomic(W')  <  Start(R).  Note  that  all 
of  the  following  propositions  are  dependent  upon  the  existence  of  W'  and  that  all 
assume  R,  W,  and  i  to  be  defined  as  above. 

Proposition 19.1 There is no write W" by writer i for which 1Scan(R)_i < Write(W") < 3Scan(R)_i.

Consequently,

   VN[i,j]_s = VN[i,j]_R
   OVN[i,j]_s = OVN[i,j]_R
   PVN[i,j]_s = PVN[i,j]_R

for all states s, 1Scan(R)_i < s < 3Scan(R)_i, and all writers j. Also, W is the last write by writer i for which Write(W) < s for all states s, 1Scan(R)_i < s < 3Scan(R)_i.

Proof of Proposition 19.1: Let t and u be the states following 1Scan(R)_i and 3Scan(R)_i respectively. Since the last three scans made by R see the same values, we have VN[i,i]_t = VN[i,i]_u. Assume there exists some write W" by writer i such that 1Scan(R)_i < Write(W") < 3Scan(R)_i. Then by Lemma 3 there exists some write W"' by writer i for which t < Scan(W"') < Write(W"') < u; let W"' be the last such write. Then by the way we placed the Atomic actions for writes, we have Scan(W"') < Atomic(W"') < Write(W"'). Since we have just chosen W"' to be the last write by writer i for which Write(W"') < u, W"' must also be the last write by writer i for which Write(W"') < 3Scan(R)_i. Then by choice of W, we have W = W"'. But we have assumed

   Atomic(W) < Start(R)

while

   Start(R) < 1Scan(R) < t < Scan(W"') < Atomic(W"').

This contradiction implies that our assumption is incorrect and the proposition is proved. □

Proposition 19.2 Scan(W) < Start(R).

Proof of Proposition 19.2: By assumption, there exists some write W' for which Atomic(W) < Atomic(W') < Start(R), thus Atomic(W) < Start(R). Now by the way we placed the Atomic actions for writes, Scan(W) < Atomic(W) < Write(W). Thus we have Scan(W) < Atomic(W) < Start(R) as desired. □

Proposition 19.3 i ∉ VNS(i)_R.

Proof of Proposition 19.3: Let s be the state following 1Scan(R)_i. Then OVN[i,i]_s = OVN[i,i]_R and VN[i,i]_s = VN[i,i]_R. Thus, since Lemma 2 implies OVN[i,i]_s ≠ VN[i,i]_s, we have OVN[i,i]_R ≠ VN[i,i]_R. Hence i ∉ VNS(i)_R as desired. □

Proposition 19.1 showed that writer i is incapable of performing the Write actions of any writes between 1Scan(R)_i and 3Scan(R)_i. Since the principal values in writer i's register (the VN[i,j], OVN[i,j], and PVN[i,j]) thus remain constant between 1Scan(R)_i and 3Scan(R)_i, the interval from 1Scan(R)_i to 3Scan(R)_i forms a sort of “magic interval” in which we can infer many things about the behavior of other writers. The following inequalities are particularly important in this respect:

   1Scan(R)_i < 2Scan(R)_j < 3Scan(R)_j < 3Scan(R)_i

for all writers j, j < i, and

   1Scan(R)_i < 1Scan(R)_j < 2Scan(R)_j < 3Scan(R)_i

for all writers j, j > i. These inequalities are fundamental because they define intervals, defined in terms of reads of writer j's register, that are contained within the interval from 1Scan(R)_i to 3Scan(R)_i. Since these inequalities are fundamental to the proof of the remaining propositions, they will have the undesirable effect of introducing a division into the cases of j < i and j > i in all of the following propositions.

Proposition 19.4 (a) Let j be the number of any writer j < i. If j ∈ VNS(i)_R then there is no write W_j by writer j such that Scan(W) < Write(W_j) < 3Scan(R)_j.

(b) Let j be the number of any writer i < j. If j ∈ VNS(i)_R then there is no write W_j by writer j such that Scan(W) < Write(W_j) < 2Scan(R)_j.

Proof of Proposition 19.4:

(a) Assume otherwise, that there is some writer j, j < i, j ∈ VNS(i)_R, that performed a write W_j such that:

   Scan(W) < Write(W_j) < 3Scan(R)_j

and let W_j be the last such write. Let s and t be the states following 3Scan(R)_j and Write(W_j) respectively. By Proposition 19.1, W is the last write by writer i such that Write(W) < s. Then by Lemma 6 we have:

   OVN[i,j]_s ≠ VN[j,i]_t.

Since W_j is the last write by writer j such that Write(W_j) < 3Scan(R)_j, VN[j,i] remains constant between Write(W_j) and 3Scan(R)_j; in particular,

   VN[j,i]_t = VN[j,i]_R.

By Proposition 19.1, since 1Scan(R)_i < s < 3Scan(R)_i, we have:

   OVN[i,j]_R = OVN[i,j]_s.

Putting these equations together yields:

   OVN[i,j]_R = OVN[i,j]_s ≠ VN[j,i]_t = VN[j,i]_R

contradicting our assumption that j ∈ VNS(i)_R. Thus our assumption is incorrect and the first half of the proposition is proved.

(b) The second part of the proof of the proposition follows exactly like the first; 1Scan(R)_j replaces 2Scan(R)_j, and 2Scan(R)_j replaces 3Scan(R)_j.

This completes the proof of Proposition 19.4. □


Proposition 19.5 Let j be any writer. If i ∈ VNS(j)_R then VNS(i)_R is a proper subset of VNS(j)_R.

Proof of Proposition 19.5:

(a) Case 1: j < i. Since i ∈ VNS(j)_R we have OVN[j,i]_R =  Let W_j be the last write by writer j for which Write(W_j) < 2Scan(R)_j. Let s be the state following 2Scan(R)_j. By Proposition 19.1, VN[i,j]_s =  By choice of s, OVN[j,i]_s = OVN[j,i]_R and thus OVN[j,i]_s = VN[i,j]_s. By Proposition 19.1 and choice of W, W is the last write by writer i for which Write(W) < s. By choice of W_j, W_j is the last write by writer j for which Write(W_j) < s. Then by Theorem 7, Write(W) < Scan(W_j). This, of course, implies Scan(W) < Scan(W_j).

Let k be any writer for which k ∈ VNS(i)_R. Note then that by Proposition 19.3, k ≠ i. Let W_k be the last write by writer k for which Write(W_k) < Scan(W). Then by Proposition 19.4, W_k is also the last write by writer k for which Write(W_k) < 2Scan(R)_j since 2Scan(R)_j < 2Scan(R)_k for k > i > j, and 2Scan(R)_j < 3Scan(R)_k if k < i. Thus W_k is the last write by writer k for which Write(W_k) < s. By choice of W_j, W_j is the last write by writer j for which Write(W_j) < s. Since Write(W_k) < Scan(W) < Scan(W_j), by Theorem 7, we have:

   OVN[j,k]_s = VN[k,j]_s.

By choice of s,

   OVN[j,k]_s = OVN[j,k]_R.

Let u be the state following 1Scan(R)_k. By Proposition 19.2, Scan(W) < Start(R), implying Scan(W) < Start(R) < u < 2Scan(R)_j < s. Since, by Proposition 19.4, there are no writes W'_k by writer k for which Scan(W) < Write(W'_k) < s, VN[k,j]_s' is constant for states s', Scan(W) < s' < s; in particular,

   VN[k,j]_s = VN[k,j]_u.

By choice of u,

   VN[k,j]_u = VN[k,j]_R.

Putting the above equations together, we get:

   OVN[j,k]_R = OVN[j,k]_s = VN[k,j]_s = VN[k,j]_u =

Since VN[k,j]_R = OVN[j,k]_R, we have k ∈ VNS(j)_R. Since k was an arbitrary element of VNS(i)_R, VNS(i)_R ⊆ VNS(j)_R. Since i ∈ VNS(j)_R but by Proposition 19.3, i ∉ VNS(i)_R, VNS(i)_R is a proper subset of VNS(j)_R.

(b) Case 2: i < j. The proof of this case is very similar to, although not identical to, that of the first case, so we will omit many of the details. Let W_j be the last write by writer j for which Write(W_j) < 1Scan(R)_j. Let s be the state following 1Scan(R)_j. As before, we can show Write(W) < Scan(W_j), and thus Scan(W) < Scan(W_j).

Let k be any writer for which k ∈ VNS(i)_R, and let W_k be the last write by writer k for which Write(W_k) < Scan(W). Then by Proposition 19.4, W_k is also the last write by writer k for which Write(W_k) < 1Scan(R)_j since 1Scan(R)_j < 2Scan(R)_k. As before, W_j and W_k are the last writes by writers j and k respectively for which Write(W_j) < s and Write(W_k) < s. Again, we have OVN[j,k]_s =  Again, OVN[j,k]_s = OVN[j,k]_R.

Since there are no writes W_k by writer k for which Scan(W) < Write(W_k) < 2Scan(R)_k and Scan(W) < s < 2Scan(R)_k, we have VN[k,j]_s = VN[k,j]_u = VN[k,j]_R where u is the state following 2Scan(R)_k. Thus  = OVN[j,k]_R and as before, VNS(i)_R is a proper subset of VNS(j)_R.

Since i ∈ VNS(j)_R implies i ≠ j, the proofs of the above two cases complete the proof of the proposition. □

Proposition 19.6 Let j be any writer, j ≠ i.

(a) If j < i and if there is some write W_j by writer j such that 2Scan(R)_j < Write(W_j) < 3Scan(R)_j, then OVN[j,i]_R = VN[i,j]_R, i.e., i ∈ VNS(j)_R.

(b) If i < j and if there is some write W_j by writer j such that 1Scan(R)_j < Write(W_j) < 2Scan(R)_j, then OVN[j,i]_R =  i.e., i ∈ VNS(j)_R.

Proof of Proposition 19.6:

(a) Let W_j be the last write by writer j such that 2Scan(R)_j < Write(W_j) < 3Scan(R)_j. Let s and t be the states following 2Scan(R)_j and 3Scan(R)_j respectively. Now since the last three scans of R see the same values for the VN's, VN[j,j]_s = VN[j,j]_t. Thus by Lemma 3 there exists at least one write W'_j by writer j such that s < Scan(W'_j) < Write(W'_j) < t; since W_j is the last write by writer j for which s < Write(W_j) < t, we consequently have s < Scan(W_j) < Write(W_j) < t. Note then that we have the following order:

   1Scan(R)_i < 2Scan(R)_j < s < Scan(W_j) < 3Scan(R)_j < t < 3Scan(R)_i.

By choice of t,

   OVN[j,i]_R = OVN[j,i]_t.

Since 1Scan(R)_i < t < 3Scan(R)_i, by Proposition 19.1 we have

   VN[i,j]_R = VN[i,j]_t.

Also by Proposition 19.1, W is the last write by writer i for which Write(W) < t. Furthermore, by choice of W_j, W_j is the last write by writer j for which Write(W_j) < t. By Proposition 19.1, Write(W) < 1Scan(R)_i, thus Write(W) < 1Scan(R)_i < Scan(W_j), and by Theorem 7 we have

   VN[i,j]_t = OVN[j,i]_t.

Putting all these equations together yields:

   VN[i,j]_R = VN[i,j]_t = OVN[j,i]_t = OVN[j,i]_R.

(b) Since i < j implies 1Scan(R)_i < 1Scan(R)_j < 2Scan(R)_j < 3Scan(R)_i, the second part of the proof of the proposition follows exactly like the first; 1Scan(R)_j replaces 2Scan(R)_j, and 2Scan(R)_j replaces 3Scan(R)_j.

This completes the proof of Proposition 19.6. □

Proposition 19.7 Let j be any writer, j ≠ i.

(a) If j < i and there is some write W_j by writer j such that 2Scan(R)_j < Write(W_j) < 3Scan(R)_j then |VNS(j)_R| > |VNS(i)_R|.

(b) If i < j and there is some write W_j by writer j such that 1Scan(R)_j < Write(W_j) < 2Scan(R)_j then  > |VNS(i)_R|.

Proof of Proposition 19.7: This follows directly from Proposition 19.5 and Proposition 19.6. □

Proposition 19.8 Let j be any writer, j ≠ i.

(a) If j < i and there is some write W_j by writer j such that 2Scan(R)_j < Write(W_j) < 3Scan(R)_j then N(i)_R = 0.

(b) If i < j and there is some write W_j by writer j such that 1Scan(R)_j < Write(W_j) < 2Scan(R)_j then N(i)_R = 0.

Proof of Proposition 19.8:

(a) Let x and y be the states following 2Scan(R)_j and 3Scan(R)_j respectively. Then VN[j,j]_x = VN[j,j]_y. Thus by Lemma 3, we may let W_j and W'_j be the last two writes by writer j such that

   x < Scan(W_j) < Write(W_j) < Scan(W'_j) < Write(W'_j) < y.

Let s, t, u, and v be the states following Scan(W_j), Write(W_j), Scan(W'_j), and Write(W'_j) respectively. Then by Proposition 19.1,

   OVN[i,j]_s = OVN[i,j]_u = OVN[i,j]_R.

Also, by Lemma 1, we have

   VN[j,i]_v ≠ OVN[i,j]_u
   VN[j,i]_t ≠ OVN[i,j]_s
   PVN[j,i]_v = VN[j,i]_t.

Since W'_j is the last write by writer j for which Write(W'_j) < 3Scan(R)_j, we have

   VN[j,i]_R = VN[j,i]_v
   PVN[j,i]_R = PVN[j,i]_v

Putting this all together, we get:

    = VN[j,i]_v ≠ OVN[i,j]_u = OVN[i,j]_R
   PVN[j,i]_R = PVN[j,i]_v = VN[j,i]_t ≠ OVN[i,j]_s = OVN[i,j]_R.

We conclude N(i)_R = 0.

(b) The second part of the proof of the proposition follows exactly like the first if we replace 2Scan(R)_j by 1Scan(R)_j and replace 3Scan(R)_j by 2Scan(R)_j.

This completes the proof of Proposition 19.8. □

Proposition 19.9 Let j be any writer, j ≠ i.

(a) If j < i then there is no write by writer j such that 2Scan(R)_j < Write(W_j) < 3Scan(R)_j.

(b) If i < j then there is no write by writer j such that 1Scan(R)_j < Write(W_j) < 2Scan(R)_j.

Proof of Proposition 19.9: Assume otherwise. Then by Proposition 19.7 and Proposition 19.8, we have:

   |VNS(i)_R| + N(i)_R = |VNS(i)_R| < |VNS(j)_R| <  + N(j)_R.

This contradicts the fact that F(R) = i and the proposition is thus proved by contradiction. □

Proposition 19.10 Let j be any writer, j ≠ i.

(a) If j < i then for all states u, 2Scan(R)_j < u < 3Scan(R)_j, and all writers k,

   VN[j,k]_u =
   OVN[j,k]_u = OVN[j,k]_R
   PVN[j,k]_u = PVN[j,k]_R.

(b) If i < j then for all states u, 1Scan(R)_j < u < 2Scan(R)_j, and all writers k,

   VN[j,k]_u = VN[j,k]_R
   OVN[j,k]_u = OVN[j,k]_R
   PVN[j,k]_u =

Proof of Proposition 19.10: This proposition is a direct consequence of Proposition 19.9. □

We now use these propositions to complete the proof of Theorem 19. Let s be the state following 2Scan(R)_i. Note that for all writers j, if j < i then we have 2Scan(R)_j < s < 3Scan(R)_j, and if i < j then we have 1Scan(R)_j < s < 2Scan(R)_j. Then by Proposition 19.10, we have

   VN[j,k]_R = VN[j,k]_s
   OVN[j,k]_R = OVN[j,k]_s
   PVN[j,k]_R = PVN[j,k]_s

for all writers j and k. But this means that F(s) = F(R) = i.

Let W_i be the last potent write for which Write(W_i) < s. Since F remains constant between consecutive Write actions of potent writes, if t is the state following Write(W_i) then F(t) = F(s) = i. Since W_i is potent, this implies W_i was written by writer i. Since F(s') = i for all states s', t < s' < s, by definition of impotent writes there can be no impotent write W'_i by writer i for which t < Write(W'_i) < s. Then since W_i is the last potent write by writer i for which Write(W_i) < s, W_i is the last write, potent or impotent, by writer i for which Write(W_i) < s. By Proposition 19.1, W is the last write by writer i for which Write(W) < s. Therefore W = W_i.

Since W is thus potent, Atomic(W) = Write(W). Since W is the last potent write for which Write(W) < s, there can be no other writes W' such that Atomic(W) < Atomic(W') < s as there are no potent writes W" in this interval before which such Atomic(W') could be inserted. This contradicts our initial assumption, upon which this whole sequence of propositions was based, that such a W' exists. Thus our initial assumption is incorrect; there exists no write W' such that Atomic(W) < Atomic(W') < Start(R).

This  (finally)  completes  proof  of  Theorem  19.  □ 

We will now use Theorem 19 to place the Atomic(R) actions for reads R. Let R be any read. Then Atomic(R) will be placed as follows:

1. If R does not time out, then let i = F(R), and let W be the last write by writer i for which Write(W) < 3Scan(R)_i as we did in the proof of Theorem 19. Then we have two cases:

   (a) If Start(R) < Atomic(W) then by Theorem 19, Start(R) < Atomic(W) < Finish(R). Thus if we insert Atomic(R) immediately following Atomic(W) it is clear that Start(R) < Atomic(R) < Finish(R). Also, since Theorem 19 states Value(R) = Value(W), it is clear that R returns the value of the last write W for which Atomic(W) < Atomic(R).

   (b) If Atomic(W) < Start(R) then we will insert Atomic(R) immediately following Start(R). It is clear that Start(R) < Atomic(R) < Finish(R). Also, since Theorem 19 states Value(R) = Value(W) and that there are no writes W' for which Atomic(W) < Atomic(W') < Start(R), it is clear that R returns the value of the last write W for which Atomic(W) < Atomic(R).

2. If R does time out, then we know from the fact that it times out that, for some writer i, R saw the contents of writer i's register change twice. Since the values in writer i's register that are visible to readers (the VN[i,j], OVN[i,j], PVN[i,j], and Value[i]) change only at the points Write(W') for writes W' by writer i that do not time out, the two observed changes must have been caused by separate writes by writer i. The write that caused the second of these observed changes, call it W', must have begun after the first finished. Thus we have Start(R) < Scan(W') < Write(W') < Finish(R). Whether W' is potent or impotent, we have Scan(W') < Atomic(W') < Write(W'), thus if we insert Atomic(R) immediately following Atomic(W') it is clear that we will have Start(R) < Atomic(R) < Finish(R). Also, since the algorithm returns Value[i], it is clear that Value(R) = Value(W'). Thus R returns the value written by the last write W' for which Atomic(W') < Atomic(R).

Here, as was the case when we placed the Atomic actions for impotent writes and writes that timed out, we may have to insert several Atomic read actions following a given Atomic write action; again, this causes no problem.

Thus for every read R and every write W we have placed internal actions Atomic(R) and Atomic(W) such that:

1. Start(W) < Atomic(W) < Finish(W).

2. Start(R) < Atomic(R) < Finish(R).

3. If W_R is the last write for which Atomic(W_R) < Atomic(R) then Value(R) = Value(W_R).

This  completes  the  proof  of  correctness. 
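The placement rules and the three conditions above can be exercised mechanically. The following is an added example, not code from the report: it applies write-placement rules 1 and 2 and read-placement rules 1(a) and 1(b) to a small constructed schedule and then checks conditions 1 to 3. Assumptions: the event order, the potent/impotent labels and the write each read returns are given as input rather than derived from the register protocol, timed-out operations are left out, and all names (`Write`, `Read`, `place_atomic`, `check`) are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Write:
    name: str
    value: str
    potent: bool  # label taken as given; not computed from VN/OVN/PVN


@dataclass(frozen=True)
class Read:
    name: str
    value: str   # value the read returned
    source: str  # the write W of Theorem 19 whose value R returns


def place_atomic(base, writes, reads):
    """Insert Atomic actions into a schedule of (kind, op) events."""
    sched = list(base)

    def pos(kind, op):
        return sched.index((kind, op))

    # Rule 2 first: each impotent write goes immediately before Write(W')
    # of the last potent W' with Scan(W) < Write(W') < Write(W).
    for w in writes:
        if w.potent:
            continue
        lo, hi = pos("Scan", w.name), pos("Write", w.name)
        cands = [p for p in writes
                 if p.potent and lo < pos("Write", p.name) < hi]
        if not cands:
            raise ValueError(f"{w.name}: no potent write in its interval "
                             "(Theorem 18 says one must exist)")
        last = max(cands, key=lambda p: pos("Write", p.name))
        sched.insert(pos("Write", last.name), ("Atomic", w.name))
    # Rule 1 second, so the potent Atomic lands after the impotent ones and
    # the most recent Atomic write before any state is that of a potent write.
    for w in writes:
        if w.potent:
            sched.insert(pos("Write", w.name), ("Atomic", w.name))
    # Reads: 1(a) right after Atomic(W) if R contains it, else 1(b) right
    # after Start(R).
    for r in reads:
        a = pos("Atomic", r.source)
        if pos("Start", r.name) < a:
            sched.insert(a + 1, ("Atomic", r.name))
        else:
            sched.insert(pos("Start", r.name) + 1, ("Atomic", r.name))
    return sched


def check(sched, writes, reads):
    """Return a list of violations of conditions 1-3 (empty if none)."""
    idx = {ev: n for n, ev in enumerate(sched)}
    by_name = {w.name: w for w in writes}
    problems = []
    for op in list(writes) + list(reads):
        s, a, f = (idx[(k, op.name)] for k in ("Start", "Atomic", "Finish"))
        if not s < a < f:
            problems.append(f"{op.name}: Atomic outside Start..Finish")
    for r in reads:
        prior = [op for kind, op in sched[:idx[("Atomic", r.name)]]
                 if kind == "Atomic" and op in by_name]
        last = prior[-1] if prior else None
        if last is None or by_name[last].value != r.value:
            problems.append(f"{r.name}: returned {r.value!r} but the last "
                            f"atomic write is {last}")
    return problems


# Constructed schedule: W2 is impotent and overlaps the potent write W3.
BASE = [("Start", "W1"), ("Scan", "W1"), ("Write", "W1"), ("Finish", "W1"),
        ("Start", "W2"), ("Scan", "W2"), ("Start", "W3"), ("Scan", "W3"),
        ("Start", "R1"), ("Write", "W3"), ("Write", "W2"), ("Finish", "W2"),
        ("Finish", "W3"), ("Finish", "R1"), ("Start", "R2"), ("Finish", "R2")]
WRITES = [Write("W1", "a", True), Write("W2", "b", False),
          Write("W3", "c", True)]
READS = [Read("R1", "c", "W3"), Read("R2", "c", "W3")]

if __name__ == "__main__":
    placed = place_atomic(BASE, WRITES, READS)
    print(placed)
    print(check(placed, WRITES, READS))
```

A read that starts after Atomic(W3) yet returns W1's value is the situation part 3 of Theorem 19 rules out; fed to `check`, it is reported as a violation of condition 3.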

8  Conclusions 

Having  thus  completed  our  proof  of  correctness  it  is  appropriate  to  reflect  on  the  purpose 
of  this  paper,  to  provide  intuitive  explanation  and  rigorous  proof  of  the  correctness  of  a 
modified  version  of  the  multi-writer,  multi-reader  atomic  register  algorithm  presented  in 
[PB].  We  have  gone  about  this  in  several  ways.  First,  the  algorithm  is  presented,  at  an 
intuitive  level,  before  the  proof  of  correctness.  This  should  hopefully  arm  readers  of  the 
proof  with  an  understanding  of  what  needs  to  be  proved  and  why.  Second,  the  approach 
to  the  problem  is  that  taken  in  [BB].  An  attempt  is  made  to  understand  what  different 
reads  and  writes  do  so  that  their  Atomic  actions  may  be  placed  in  an  appropriate  and 
intuitively  reasonable  manner.  Third,  the  proof  has  examined  the  algorithm  at  a  finer 
level  of  detail  than  that  presented  in  [PB].  Arguments  are  presented  at  the  level  of  the 
individual  reads  of  writers’  registers  and  not  at  the  level  of  scans  as  a  whole.  The  result 
of  this  detailed  proof  was  to  find  two  problems  with  the  original  algorithm.  The  detailed 
approach  to  proof  is  not,  however,  without  its  faults;  it  is  possible  to  be  so  attentive  to 
detail  that  the  proof  becomes  little  more  than  an  exercise  in  symbol  manipulation  to 
those not already intimately familiar with the algorithm. Thus while care was taken to
present  detail  where  necessary,  as  was  the  case  with  arguments  about  individual  reads  in 
scans,  some  arguments,  particularly  those  dealing  with  the  choice  of  VN' s  and  PVN's 
by  successive  writes  by  a  single  writer,  are  obvious  enough  that  excessive  detail  has  been 
omitted.  It  is  hoped  then  that  one  will  find  in  this  paper  a  clear  survey  of  the  algorithm 
in  question  in  addition  to  a  rigorous,  but  not  overburdened,  proof  of  correctness. 

There are still a few aspects of the problem of constructing a multi-writer, multi-reader
atomic register that could use further work. First, the proof of Theorem 19 is not
constructive  and  requires  quite  a  bit  of  work  to  reach  a  contradiction.  It  would  be  nice 
to  have  a  positive,  constructive  proof  that  illustrates  more  clearly  why  readers  always 
return  legitimate  values.  Second,  the  efficiency  of  this  algorithm  in  terms  of  accesses 
to shared memory is not particularly good. Performing O(m) scans of m registers is a
considerable  amount  of  work  to  do  to  write  or  read  a  single  value. 

A Code and Counterexamples

A.1 The Code


Figure  4  presents  the  code  for  the  reader’s  protocol  as  published  in  [PB]  re-written  in 
the  manner  of  the  corrected  code  presented  in  the  second  part  of  this  paper.  Similarly, 
figure  5  presents  a  re-written  version  of  the  code  published  in  [PB]. 

The  code  in  these  figures  is  very  similar  to  that  presented  in  the  first  figures  with 
the  following  exceptions:  only  the  VN's  are  compared  across  scans  performed  by  the 
readers  and  writers;  readers  only  need  to  perform  two  consecutive  identical  scans  before 
they assume they have read a consistent state of the world; the PreOVN are read only
after  three  consecutive,  identical  scans  have  completed. 

The labels in these code figures are identical in meaning to those presented earlier
with the exception that, since readers need perform only two consecutive, identical
scans, we define only the names 1Scan(R)_i and 2Scan(R)_i for reads R that do not time
out; 3Scan(R)_i is not defined. Note also that we now have

    3Scan(R)_i < PScan(R)_i

instead of PScan(R)_i = 3Scan(R)_i.

A.2 The First Counterexample

Let us first assume that the writer’s protocol maintains a consistent state of the world;
that atomic write points may be inserted within the bounds of each write such that the
value of F is a constant between those points, and at each point p, the value of F at p
is the writer that performed the write whose atomic point most recently precedes p.

Thus if a read R is performed in an interval containing no atomic write points, we
can place an atomic read point anywhere between Start(R) and Finish(R), and R will
necessarily return the value written by the write whose atomic write point most recently
precedes R's atomic read point. Similarly, for reads R that time out, we have argued that
R must return the value of a write that was performed completely within the bounds
of Start(R) and Finish(R); if the atomic read point for R is placed immediately after
that of the atomic write point of the contained write, then again R necessarily returns
the value written by the write whose atomic write point most recently precedes its own
atomic read point.

Unfortunately,  it  is  not  the  case  that  all  reads  either  are  performed  in  write-free 
intervals  or  explicitly  time  out,  as  figure  6  illustrates.  Figure  6  shows  the  actions  of 
three  writers  labeled  X,  Y,  and  Z;  we  will  assume  in  these  figures  that  the  writers 
are  presented  in  increasing  order,  thus  X  <  Y  <  Z.  In  the  interval  pictured,  X  and 
Z  do  not  write  while  Y  writes  four  times.  The  Scan  and  Write  actions  of  the  writes 
are  indicated  by  the  points  labeled  by  S  and  W  respectively.  Note  that  under  S  we 


DEFINE

    Writer_Changed_Since_Last_Scan(i) ≡ ⋁ 1≤j≤m (Scan_VN[i,j] ≠ Saved_Scan_VN[i,j]);

    Any_Change_Since_Last_Scan ≡ ⋁ 1≤i≤m Writer_Changed_Since_Last_Scan(i);

    VNS_Size(i) ≡ |{1 ≤ j ≤ m | Scan_OVN[i,j] = Scan_VN[j,i]}|;

    N(i) ≡ 1 if ⋀ 1≤j≤m (OVN[i,j] ∈
           0 otherwise

    M ≡ MAX{VNS_Size(i) + N(i) | 1 ≤ i ≤ m};

    F ≡ MAX{1 ≤ i ≤ m | VNS_Size(i) + N(i) = M};

BEGIN
    Same_Scans := 0; Timed_Out := 0;
    FOR i := 1 TO m DO Changes_Seen[i] := 0; END;
    FOR i := 1 TO m DO
      ► FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
        FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
        FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
        Scan_Value[i] := Value[i]; ◄
    END;
    Same_Scans := 1;
    REPEAT
        FOR i := 1 TO m DO
            FOR j := 1 TO m DO Saved_Scan_VN[i,j] := Scan_VN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_OVN[i,j] := Scan_OVN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_PVN[i,j] := Scan_PVN[i,j]; END;
        END;
        FOR i := 1 TO m DO
          ► FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
            FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
            FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
            Scan_Value[i] := Value[i]; ◄
        END;
        FOR i := 1 TO m DO
            IF Writer_Changed_Since_Last_Scan(i)
            THEN Changes_Seen[i] := Changes_Seen[i] + 1;
            END;
        END;
        IF Any_Change_Since_Last_Scan
        THEN Same_Scans := 1;
            FOR i := 1 TO m DO
                IF Changes_Seen[i] = 2 THEN Timed_Out := i; END;
            END;
        ELSE Same_Scans := Same_Scans + 1;
        END;
    UNTIL Same_Scans = 2 OR Timed_Out ≠ 0;
    IF Timed_Out ≠ 0
    THEN RETURN(Scan_Value[Timed_Out]);
    ELSE RETURN(Scan_Value[F]);
    END;
END;


Figure 4: The reader’s protocol.

DEFINE

    Writer_Changed_Since_Last_Scan(i) ≡ ⋁ 1≤j≤m (Scan_VN[i,j] ≠ Saved_Scan_VN[i,j]);

    Any_Change_Since_Last_Scan ≡ (⋁ 1≤i≤m Writer_Changed_Since_Last_Scan(i));

BEGIN
    Same_Scans := 0; Timed_Out := 0;
    FOR i := 1 TO m DO Changes_Seen[i] := 0; END;
    FOR i := 1 TO m DO
      ► FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
        FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
        FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
        Scan_Value[i] := Value[i]; ◄
    END;
    Same_Scans := 1;
    REPEAT
        FOR i := 1 TO m DO
            FOR j := 1 TO m DO Saved_Scan_VN[i,j] := Scan_VN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_OVN[i,j] := Scan_OVN[i,j]; END;
            FOR j := 1 TO m DO Saved_Scan_PVN[i,j] := Scan_PVN[i,j]; END;
        END;
        IF Same_Scans = 1
        THEN
            FOR i := 1 TO m DO
              ► PreOVN[k,i] := Scan_VN[i,k]; ◄
            END;
        END;
        FOR i := 1 TO m DO
          ► FOR j := 1 TO m DO Scan_VN[i,j] := VN[i,j]; END;
            FOR j := 1 TO m DO Scan_OVN[i,j] := OVN[i,j]; END;
            FOR j := 1 TO m DO Scan_PVN[i,j] := PVN[i,j]; END;
            Scan_Value[i] := Value[i]; ◄
        END;
        FOR i := 1 TO m DO
            IF Writer_Changed_Since_Last_Scan(i)
            THEN Changes_Seen[i] := Changes_Seen[i] + 1;
            END;
        END;
        IF Any_Change_Since_Last_Scan
        THEN Same_Scans := 1;
            FOR i := 1 TO m DO
                IF Changes_Seen[i] = 2 THEN Timed_Out := i; END;
            END;
        ELSE Same_Scans := Same_Scans + 1;
        END;
    UNTIL Same_Scans = 3 OR Timed_Out ≠ 0;
    IF Timed_Out ≠ 0
    THEN RETURN;
    ELSE
        FOR i := 1 TO m DO
          ► PScan_PreOVN[i,k] := PreOVN[i,k]; ◄
        END;
      ► FOR i := 1 TO m DO
            VN[k,i] := Any({1,2,3,4} \ {Scan_VN[k,i], Scan_OVN[i,k], PScan_PreOVN[i,k]});
            OVN[k,i] := Scan_VN[i,k];
            PVN[k,i] := Scan_VN[k,i];
        END;
        Value[k] := VALUE; ◄
        RETURN;
    END;
END;


Figure 5: Writer k’s protocol.

Figure 6:


are  lumping  together  all  three  consecutive,  identical  scans  made  by  a  writer,  as  well  as 
the  PWrite  action.  Also  included  in  the  diagram  are  two  scans  of  the  three  writers’ 
registers  made  by  a  reader  as  part  of  a  single  read  R.  The  *  signs  denote  the  atomic  read 
points  of  the  reads  of  the  individual  writers’  registers  performed  as  part  of  the  scans. 
Thus writer Y starts with a complete write A. This is followed by the complete first
scan  of  the  read  R.  This  is  then  followed  by  three  more  complete  writes  by  writer  Y 
and  the  final  scan  of  R. 

Write A sees the current VN's posted by all three writers and records them as its
OVN[i,j]’s when it writes, while changing its own set of VN[i,j]’s. At this point, the
state of the world is seen by the first scan of read R. Write B then writes a new set
of VN[i,j]'s which by choice must differ from those written by write A. If the second
scan of R is to read the same VN's as the first scan we see that writer Y must write
again (indeed twice since the protocol requires a minimum of three writes for a writer to
restore its VN for itself) to restore the VN's that had been written as part of write A.
This having been accomplished, the second scan of read R is performed and returns the
same state of the world as was seen by the first scan of R. Thus the reader performing
read R cannot tell that a write has occurred between the two read scans, although several
have, and proceeds to return a value based upon the information observed by the two
scans.

One  may  ask  if  the  value  returned  in  the  above  example  will  violate  the  atomicity 
requirements  for  the  three-writer  register  construction.  In  this  case,  the  answer  is  that 
the  value  returned  is  legitimate.  The  value  returned  is  that  written  by  write  D.  Since 
write  D  is  completely  contained  within  the  bounds  of  read  R,  its  atomic  action  is  as 
well,  and  as  in  the  case  of  the  timed  out  reads,  it  is  legitimate  to  place  the  atomic  read 
action  of  R  immediately  following  the  atomic  write  action  of  D.  In  [PB],  R  is  referred 
to  as  having  timed  out  without  knowing  that  it  did  so.  That  paper  then  attempts  to 
generalize  the  argument,  used  above  to  demonstrate  the  need  for  C  and  D  if  the  scans 
of  R  are  to  agree,  to  provide  a  proof  that  when  a  writer  times  out  without  knowing  it 
has  done  so,  it  still  returns  a  correct  value.  It  was  the  study  of  that  proof  that  led  to 
the development of the first counterexample to the correctness of the algorithm, thus it
is instructive to repeat it here.

Figure 7:

Given the last two scans of a read R as shown in figure 7, assume that the values
of the VN's seen by the two scans are identical. Now divide the writers into two sets,
the “changing” writers that performed the Write action of some write between the two
scans of R, and the “unchanging” writers that did not perform the Write action of any
write between the two scans of R. By that definition, writers Y and Z are changing
writers while writer X is an unchanging writer in figure 7. Now by reasoning presented
earlier, if the two scans of R are to see the same VN's for all writers, writes C and
D must occur between Write(B) and the second scan of read R; in general, every
changing writer must perform a complete write between the two scans of R. Thus at
the second scan of R, all of the changing writers will be observed to have “seen” the
VN's of the unchanging writers whereas the unchanging writers will be observed not
to “see” the VN's of any of the changing writers. Also, since each changing writer has
written at least twice between the most recent write by any unchanging writer and the
second scan of R, we should have N(i) = 0 for all unchanging writers i. Thus it is
completely impossible for the value of an unchanging writer to be returned if there exist
any changing writers. If the value returned by R is read from the register of a changing
writer, then it was written by a write that occurred entirely between the two scans of
R. If the value returned is read from the register of an unchanging writer, then there
are no changing writers, and the last two scans of R occurred in an interval in which no
writing took place. Thus R returns a legitimate value.

The problem with this proof is shown in figure 8 which demonstrates the real picture
of how read scans occur. The notions of “the point at which the first scan of R occurred”
and thus of “changing” and “unchanging” writers, are therefore not well defined. Suppose
the following definition of “changing” writer is made to eliminate ambiguity: a
writer i will be defined to be a changing writer if it completed a write W between the
reads of its register in the first and second consecutive, identical scans made by the
read R; that is, if 1Scan(R)_i < Write(W) < 2Scan(R)_i. Thus in figure 9, writer Z is a
changing writer while writers X and Y are not. The same reasoning as above then shows
that some writes C and D must occur between Write(B) and the read, 2Scan(R)_Z, of
writer Z's register in the second scan.

There is a problem with this however, that is demonstrated by figure 10. Assume
that the scans of the read R see the same VN’s. Writer X is a changing writer while
writer Y is an unchanging writer. Writer Y will be seen to have observed the VN's
written by writer X during the write D. Writer X, on the other hand, will be observed to
have seen the VN’s written by writer Y prior to the write E. Writer Y will consequently
be judged, correctly, to be the writer that wrote more recently before the second scan
of R, and its value, that written by E, will be returned by R. Read R thus returns
the value written by an unchanging writer despite the existence of a changing writer.
Clearly, the reasoning sketched above no longer works; one then asks if a counterexample
may be constructed to the algorithm in a similar manner.

Figure 11: The first counterexample.

The answer to this question is that we can. Such a counterexample is listed in
figure 11. The numbers following the vertical lines are the values of the various variables
following the actions to which the vertical lines are connected; the numbers below the
horizontal time-line for writer X refer, in order, to the VN[X,*], PVN[X,*], OVN[X,*],
and PreOVN[X,*]; the rows of numbers are presented in the same order as the time-lines
for the different writers. For example, following the first write by writer X, we
have,

    VN[X,X] = 1 and VN[X,Y] = 4
    PVN[X,X] = 3 and PVN[X,Y] = 3
    OVN[X,X] = 3 and OVN[X,Y] = 2
    PreOVN[X,X] = 3 and PreOVN[X,Y] = 2.

Then what this counterexample has done is to perform, without interruption, the first
scan of the read R as well as the read of writer X's register for the second scan of R.
Before the second scan of R gets to read the value in Y’s register, however, we have
performed a series of writes that render completely meaningless the first values read.
In particular, we have written so that the values of VN[Y,X] and VN[Y,Y] observed
by the second scan equal the values of these variables observed by the first scan; this
implies that the read R detects no writes occurring between its scans and will select a
value to return based on the values seen by the second scan. But for the values returned
by the second scan we have:

    1 = OVN[Y,X] ≠ VN[X,Y] = 4 and 1 = OVN[Y,X] ≠ PVN[X,Y] = 3

and

    2 = OVN[Y,Y] ≠ VN[Y,Y] = 3 and 1 = OVN[Y,X] ≠ VN[X,Y] = 4

implying that N(Y) = 0 and |VNS(Y)| = 0. Also,

    3 = OVN[X,X] = PVN[X,X] = 2 and 2 = OVN[X,Y] = PVN[Y,X] = 2

implying that N(X) = 1 while |VNS(X)| = 0. The value of F computed on the basis
of these values is F = X. Thus the read R will return the value read from the register
of writer X during its second scan. Since this value was written by the first write shown
for writer X, and the atomic write action of the first write shown for writer Y must be
interposed between the atomic write action of the first write shown for writer X and
the first scan of R, the atomicity condition is violated.

One will note that the first and second scans did not observe the same values for
OVN[Y,X]. One might ask then if the algorithm would perform correctly if not only
the VN's, but the PVN's and OVN's as well were required to be constant across the
two scans of a read. A counterexample communicated by Burns shows that both scans
of a read R may see the same values for the VN's, PVN's, and OVN's, and still return
a value that is no longer valid.


A.3 The Second Counterexample

In  our  discussion  of  the  previous  counterexample,  we  assumed  that  the  writers  write  in 
a  manner  that  respects  the  atomicity  condition.  This  turns  out  not  to  be  so,  the  result 
being  another  counterexample  to  the  correctness  of  the  algorithm. 

Recall that when a writer is reading the values that it needs to determine what to
write, it reads the OVN's before the PreOVN's. At the same time, however, writers
write their PreOVN's before they write their OVN's. This leads to trouble.

Figure 12 presents an example of how this fact can result in the improper execution
of the algorithm. The second write by writer X scans the value OVN[Y,X] before the
write point of the first write by writer Y. Before the second write by writer X gets
around to reading PreOVN[Y,X] (at the point marked “PS”), however, writer Y both
writes and scans; the write by writer Y invalidates the value of OVN[Y,X] seen by
writer X while the scan invalidates the value of PreOVN[Y,X]. This means that the
second write by writer X completely fails to see the value of OVN[Y,X] written by the
first write by writer Y.

Let  P  be  the  point  immediately  preceding  the  Write  action  of  the  second  write  by 
writer  X.  Let  Q  be  the  point  immediately  following  the  same  action. 

Figure 12: The second counterexample.

We have the following set of equations at P:

    3 = OVN[X,X] = PVN[X,X] = 3 ≠ VN[X,X] = 4
    2 = OVN[X,Y] = PVN[Y,X] = 2 ≠ VN[Y,X] = 3
    3 = OVN[X,Z] = VN[Z,X] = 3

Thus N(X) = 1 and |VNS(X)| = 1.

    3 = OVN[Y,X] = PVN[X,Y] = 3 ≠ VN[X,Y] = 4
    2 = OVN[Y,Y] = PVN[Y,Y] = 2 ≠ VN[Y,Y] = 3
    2 = OVN[Y,Z] = PVN[Z,Y] = 2 ≠ VN[Z,Y] = 3

Thus N(X) = 1 and |VNS(X)| = 0.

    3 = OVN[Z,X] = PVN[X,Z] = 3 ≠ VN[X,Z] = 4
    2 = OVN[Z,Y] = PVN[Y,Z] = 2 ≠ VN[Y,Z] = 3
    2 = OVN[Z,Z] = PVN[Z,Z] = 2 ≠ VN[Z,Z] = 3

Thus N(X) = 1 and |VNS(X)| = 0. Consequently, F = X at P.


We have the following set of equations at Q:

    4 = OVN[X,X] = PVN[X,X] = 4 ≠ VN[X,X] = 1
    2 = OVN[X,Y] = PVN[Y,X] = 2 ≠ VN[Y,X] = 3
    3 = OVN[X,Z] = VN[Z,X] = 3

Thus N(X) = 1 and |VNS(X)| = 1.

    3 = OVN[Y,X] = VN[X,Y] = 3
    2 = OVN[Y,Y] = PVN[Y,Y] = 2 ≠ VN[Y,Y] = 3
    2 = OVN[Y,Z] = PVN[Z,Y] = 2 ≠ VN[Z,Y] = 3

Thus N(X) = 1 and |VNS(X)| = 1.

    3 = OVN[Z,X] ≠ PVN[X,Z] = 4 and 3 = OVN[Z,X] ≠ VN[X,Z] = 1
    2 = OVN[Z,Y] = PVN[Y,Z] = 2 ≠ VN[Y,Z] = 3
    2 = OVN[Z,Z] = PVN[Z,Z] = 2 ≠ VN[Z,Z] = 3

Thus N(X) = 0 and |VNS(X)| = 0. Consequently, since Y > X, F = Y at P.

This  is  not  good  because  it  implies  that  the  most  recent  atomic  write  action  preceding 
P  is  not  that  of  the  first  write  by  writer  Y  whereas  the  most  recent  atomic  write  action 
preceding  Q  is  that  of  the  first  write  by  writer  Y.  Thus  these  writes  were  not  performed 
in  a  simulated  atomic  manner. 
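
The change in F across the Write action can be recomputed mechanically. The following Python sketch is an added example, not code from the report or from [PB]: it copies the VN, PVN and OVN values from the equations listed for P and Q (entries those equations do not list are None), takes VNS_Size, M and F from the DEFINE block of Figure 4, and assumes that N(i) is 1 exactly when every OVN[i,j] equals VN[j,i] or PVN[j,i], which is how the equations use it.

```python
# Added example: recompute F at points P and Q of the second counterexample.
# The N(i) rule below is an assumption inferred from the listed equations.

WRITERS = ["X", "Y", "Z"]  # writers in increasing order, X < Y < Z


def grid(rows):
    """Build {(a, b): value} from three rows given in X, Y, Z order."""
    return {(a, b): v
            for a, row in zip(WRITERS, rows)
            for b, v in zip(WRITERS, row)}


def vns_size(i, s):
    """|{j : OVN[i,j] = VN[j,i]}|, the VNS_Size(i) of Figure 4."""
    return sum(1 for j in WRITERS if s["OVN"][i, j] == s["VN"][j, i])


def n(i, s):
    """1 if every OVN[i,j] is VN[j,i] or PVN[j,i], else 0 (assumed rule)."""
    ok = all(s["OVN"][i, j] in (s["VN"][j, i], s["PVN"][j, i])
             for j in WRITERS)
    return 1 if ok else 0


def choose_f(s):
    """Return (F, scores): F is the largest writer whose score equals M."""
    score = {i: vns_size(i, s) + n(i, s) for i in WRITERS}
    m = max(score.values())
    f = max((i for i in WRITERS if score[i] == m), key=WRITERS.index)
    return f, score


# State just before the Write action of X's second write (point P).
STATE_P = {
    "VN":  grid([[4, 4, 4], [3, 3, 3], [3, 3, 3]]),
    "PVN": grid([[3, 3, 3], [2, 2, 2], [None, 2, 2]]),  # PVN[Z,X] not listed
    "OVN": grid([[3, 2, 3], [3, 2, 2], [3, 2, 2]]),
}

# State just after that Write action (point Q): only X's row has changed.
STATE_Q = {
    "VN":  grid([[1, 3, 1], [3, 3, 3], [3, 3, 3]]),
    "PVN": grid([[4, None, 4], [2, 2, 2], [None, 2, 2]]),  # gaps not listed
    "OVN": grid([[4, 2, 3], [3, 2, 2], [3, 2, 2]]),
}

if __name__ == "__main__":
    for name, state in (("P", STATE_P), ("Q", STATE_Q)):
        f, score = choose_f(state)
        print(f"at {name}: scores {score}, F = {f}")
```

Only writer X's registers differ between the two states, yet the writer selected as most recent moves from X to Y, which is the inconsistency the text describes.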

The  obvious  fix  to  this  problem  is  to  scan  the  PreOVN  values  earlier.  The  code  for 
the  writer’s  protocol  that  is  proved  correct  in  the  previous  part  of  this  paper  performs 
the  scan  of  the  PreOVN  values  between  the  second  and  third  consecutive  identical 
scans  of  the  writers’  registers  instead  of  after  all  three  consecutive  identical  scans  have 
completed. 